Vulnerabilities > CVE-2019-11500 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
dovecot
debian
fedoraproject
CWE-787
critical
nessus

Summary

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Vulnerable Configurations

Part Description Count
Application
Dovecot
315
OS
Debian
1
OS
Fedoraproject
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2454-1.NASL
    descriptionThis update for dovecot22 fixes the following issues : CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129350
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129350
    titleSUSE SLES12 Security Update : dovecot22 (SUSE-SU-2019:2454-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2885.NASL
    descriptionFrom Red Hat Security Advisory 2019:2885 : An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129264
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129264
    titleOracle Linux 6 : dovecot (ELSA-2019-2885)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0020_DOVECOT.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-03-18
    modified2020-03-08
    plugin id134314
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134314
    titleNewStart CGSL MAIN 4.05 : dovecot Vulnerability (NS-SA-2020-0020)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2836.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129148
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129148
    titleRHEL 7 : dovecot (RHSA-2019:2836)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-EA638FB605.NASL
    description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129656
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129656
    titleFedora 31 : 1:dovecot (2019-ea638fb605)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2822.NASL
    descriptionFrom Red Hat Security Advisory 2019:2822 : An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129328
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129328
    titleOracle Linux 8 : dovecot (ELSA-2019-2822)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1901.NASL
    descriptionNick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id128393
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128393
    titleDebian DLA-1901-1 : dovecot security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2243.NASL
    descriptionAccording to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-05-08
    modified2019-11-08
    plugin id130705
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130705
    titleEulerOS 2.0 SP3 : dovecot (EulerOS-SA-2019-2243)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2836.NASL
    descriptionFrom Red Hat Security Advisory 2019:2836 : An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129139
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129139
    titleOracle Linux 7 : dovecot (ELSA-2019-2836)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0244_DOVECOT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-06-01
    modified2020-06-02
    plugin id132485
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132485
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : dovecot Vulnerability (NS-SA-2019-0244)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190920_DOVECOT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-09-23
    plugin id129151
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129151
    titleScientific Linux Security Update : dovecot on SL7.x x86_64 (20190920)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4110-3.NASL
    descriptionUSN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128321
    published2019-08-29
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128321
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : Dovecot regression (USN-4110-3)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2885.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129472
    published2019-10-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129472
    titleCentOS 6 : dovecot (CESA-2019:2885)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2071.NASL
    descriptionAccording to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-05-03
    modified2019-09-30
    plugin id129430
    published2019-09-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129430
    titleEulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-2071)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190923_DOVECOT_ON_SL6_X.NASL
    description* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)
    last seen2020-03-18
    modified2019-09-24
    plugin id129277
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129277
    titleScientific Linux Security Update : dovecot on SL6.x i386/x86_64 (20190923)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2019-2836.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129846
    published2019-10-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129846
    titleVirtuozzo 7 : dovecot / dovecot-devel / dovecot-mysql / etc (VZLSA-2019-2836)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2836.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129393
    published2019-09-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129393
    titleCentOS 7 : dovecot (CESA-2019:2836)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2822.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129090
    published2019-09-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129090
    titleRHEL 8 : dovecot (RHSA-2019:2822)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1347.NASL
    descriptionIn Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-06-01
    modified2020-06-02
    plugin id130600
    published2019-11-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130600
    titleAmazon Linux 2 : dovecot (ALAS-2019-1347)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0211_DOVECOT.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-06-01
    modified2020-06-02
    plugin id131770
    published2019-12-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131770
    titleNewStart CGSL MAIN 4.06 : dovecot Vulnerability (NS-SA-2019-0211)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2281.NASL
    descriptionThis update for dovecot23 fixes the following issues : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129709
    published2019-10-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129709
    titleopenSUSE Security Update : dovecot23 (openSUSE-2019-2281)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2514-1.NASL
    descriptionThis update for dovecot23 fixes the following issues : CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129554
    published2019-10-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129554
    titleSUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:2514-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0220_DOVECOT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-06-01
    modified2020-06-02
    plugin id131415
    published2019-12-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131415
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : dovecot Vulnerability (NS-SA-2019-0220)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-59D60BD1FA.NASL
    description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128568
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128568
    titleFedora 29 : 1:dovecot (2019-59d60bd1fa)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3844281BE1.NASL
    description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128434
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128434
    titleFedora 30 : 1:dovecot (2019-3844281be1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-29 (Dovecot: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker could send a specially crafted mail or use crafted IMAP commands possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id128444
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128444
    titleGLSA-201908-29 : Dovecot: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2885.NASL
    descriptionAn update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129276
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129276
    titleRHEL 6 : dovecot (RHSA-2019:2885)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4110-1.NASL
    descriptionNick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128320
    published2019-08-29
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128320
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : dovecot vulnerability (USN-4110-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_ABAAECDAEA1643E2BAD0D34A9AC576B1.NASL
    descriptionAki Tuomi reports : Vulnerability Details : IMAP and ManageSieve protocol parsers do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Risk : This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 bytes in pre-login phase, and 65536 bytes post-login phase, allowing sufficiently skilled attacker to perform complicated attacks that can lead to leaking private information or remote code execution. Abuse of this bug is very difficult to observe, as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs.
    last seen2020-06-01
    modified2020-06-02
    plugin id128310
    published2019-08-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128310
    titleFreeBSD : Dovecot -- improper input validation (abaaecda-ea16-43e2-bad0-d34a9ac576b1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2138.NASL
    descriptionAccording to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-05-08
    modified2019-11-12
    plugin id130847
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130847
    titleEulerOS 2.0 SP5 : dovecot (EulerOS-SA-2019-2138)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4510.NASL
    descriptionNick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id128307
    published2019-08-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128307
    titleDebian DSA-4510-1 : dovecot - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2278.NASL
    descriptionThis update for dovecot23 fixes the following issue : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129706
    published2019-10-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129706
    titleopenSUSE Security Update : dovecot23 (openSUSE-2019-2278)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2372.NASL
    descriptionAccording to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.(CVE-2017-15130) - A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.(CVE-2017-14461) - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because
    last seen2020-05-08
    modified2019-12-10
    plugin id131864
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131864
    titleEulerOS 2.0 SP2 : dovecot (EulerOS-SA-2019-2372)

Redhat

advisories
  • bugzilla
    id1741141
    titleCVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentdovecot-debugsource is earlier than 1:2.2.36-5.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20192822001
          • commentdovecot-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192822002
        • AND
          • commentdovecot-pgsql is earlier than 1:2.2.36-5.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20192822003
          • commentdovecot-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600004
        • AND
          • commentdovecot-mysql is earlier than 1:2.2.36-5.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20192822005
          • commentdovecot-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600002
        • AND
          • commentdovecot is earlier than 1:2.2.36-5.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20192822007
          • commentdovecot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600008
        • AND
          • commentdovecot-devel is earlier than 1:2.2.36-5.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20192822009
          • commentdovecot-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600010
    rhsa
    idRHSA-2019:2822
    released2019-09-20
    severityImportant
    titleRHSA-2019:2822: dovecot security update (Important)
  • bugzilla
    id1741141
    titleCVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentdovecot-devel is earlier than 1:2.2.36-3.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192836001
          • commentdovecot-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600010
        • AND
          • commentdovecot-pigeonhole is earlier than 1:2.2.36-3.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192836003
          • commentdovecot-pigeonhole is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600006
        • AND
          • commentdovecot-pgsql is earlier than 1:2.2.36-3.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192836005
          • commentdovecot-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600004
        • AND
          • commentdovecot-mysql is earlier than 1:2.2.36-3.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192836007
          • commentdovecot-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600002
        • AND
          • commentdovecot is earlier than 1:2.2.36-3.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192836009
          • commentdovecot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600008
    rhsa
    idRHSA-2019:2836
    released2019-09-20
    severityImportant
    titleRHSA-2019:2836: dovecot security update (Important)
  • bugzilla
    id1741141
    titleCVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentdovecot-pigeonhole is earlier than 1:2.0.9-22.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20192885001
          • commentdovecot-pigeonhole is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600006
        • AND
          • commentdovecot-pgsql is earlier than 1:2.0.9-22.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20192885003
          • commentdovecot-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600004
        • AND
          • commentdovecot-mysql is earlier than 1:2.0.9-22.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20192885005
          • commentdovecot-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600002
        • AND
          • commentdovecot is earlier than 1:2.0.9-22.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20192885007
          • commentdovecot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600008
        • AND
          • commentdovecot-devel is earlier than 1:2.0.9-22.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20192885009
          • commentdovecot-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110600010
    rhsa
    idRHSA-2019:2885
    released2019-09-23
    severityImportant
    titleRHSA-2019:2885: dovecot security update (Important)
rpms
  • dovecot-1:2.2.36-5.el8_0.1
  • dovecot-debuginfo-1:2.2.36-5.el8_0.1
  • dovecot-debugsource-1:2.2.36-5.el8_0.1
  • dovecot-devel-1:2.2.36-5.el8_0.1
  • dovecot-mysql-1:2.2.36-5.el8_0.1
  • dovecot-mysql-debuginfo-1:2.2.36-5.el8_0.1
  • dovecot-pgsql-1:2.2.36-5.el8_0.1
  • dovecot-pgsql-debuginfo-1:2.2.36-5.el8_0.1
  • dovecot-pigeonhole-debuginfo-1:2.2.36-5.el8_0.1
  • dovecot-1:2.2.36-3.el7_7.1
  • dovecot-debuginfo-1:2.2.36-3.el7_7.1
  • dovecot-devel-1:2.2.36-3.el7_7.1
  • dovecot-mysql-1:2.2.36-3.el7_7.1
  • dovecot-pgsql-1:2.2.36-3.el7_7.1
  • dovecot-pigeonhole-1:2.2.36-3.el7_7.1
  • dovecot-1:2.0.9-22.el6_10.1
  • dovecot-debuginfo-1:2.0.9-22.el6_10.1
  • dovecot-devel-1:2.0.9-22.el6_10.1
  • dovecot-mysql-1:2.0.9-22.el6_10.1
  • dovecot-pgsql-1:2.0.9-22.el6_10.1
  • dovecot-pigeonhole-1:2.0.9-22.el6_10.1

References