Vulnerabilities > CVE-2019-11500 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2454-1.NASL description This update for dovecot22 fixes the following issues : CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129350 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129350 title SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2019:2454-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-2885.NASL description From Red Hat Security Advisory 2019:2885 : An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129264 published 2019-09-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129264 title Oracle Linux 6 : dovecot (ELSA-2019-2885) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0020_DOVECOT.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-03-18 modified 2020-03-08 plugin id 134314 published 2020-03-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134314 title NewStart CGSL MAIN 4.05 : dovecot Vulnerability (NS-SA-2020-0020) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2836.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129148 published 2019-09-23 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129148 title RHEL 7 : dovecot (RHSA-2019:2836) NASL family Fedora Local Security Checks NASL id FEDORA_2019-EA638FB605.NASL description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129656 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129656 title Fedora 31 : 1:dovecot (2019-ea638fb605) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-2822.NASL description From Red Hat Security Advisory 2019:2822 : An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129328 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129328 title Oracle Linux 8 : dovecot (ELSA-2019-2822) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1901.NASL description Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 128393 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128393 title Debian DLA-1901-1 : dovecot security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2243.NASL description According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-05-08 modified 2019-11-08 plugin id 130705 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130705 title EulerOS 2.0 SP3 : dovecot (EulerOS-SA-2019-2243) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-2836.NASL description From Red Hat Security Advisory 2019:2836 : An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129139 published 2019-09-23 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129139 title Oracle Linux 7 : dovecot (ELSA-2019-2836) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0244_DOVECOT.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-06-01 modified 2020-06-02 plugin id 132485 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132485 title NewStart CGSL CORE 5.05 / MAIN 5.05 : dovecot Vulnerability (NS-SA-2019-0244) NASL family Scientific Linux Local Security Checks NASL id SL_20190920_DOVECOT_ON_SL7_X.NASL description Security Fix(es) : - dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-09-23 plugin id 129151 published 2019-09-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129151 title Scientific Linux Security Update : dovecot on SL7.x x86_64 (20190920) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4110-3.NASL description USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128321 published 2019-08-29 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128321 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Dovecot regression (USN-4110-3) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2885.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129472 published 2019-10-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129472 title CentOS 6 : dovecot (CESA-2019:2885) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2071.NASL description According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-05-03 modified 2019-09-30 plugin id 129430 published 2019-09-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129430 title EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-2071) NASL family Scientific Linux Local Security Checks NASL id SL_20190923_DOVECOT_ON_SL6_X.NASL description * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) last seen 2020-03-18 modified 2019-09-24 plugin id 129277 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129277 title Scientific Linux Security Update : dovecot on SL6.x i386/x86_64 (20190923) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2019-2836.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129846 published 2019-10-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129846 title Virtuozzo 7 : dovecot / dovecot-devel / dovecot-mysql / etc (VZLSA-2019-2836) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2836.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129393 published 2019-09-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129393 title CentOS 7 : dovecot (CESA-2019:2836) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2822.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129090 published 2019-09-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129090 title RHEL 8 : dovecot (RHSA-2019:2822) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1347.NASL description In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-06-01 modified 2020-06-02 plugin id 130600 published 2019-11-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130600 title Amazon Linux 2 : dovecot (ALAS-2019-1347) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0211_DOVECOT.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-06-01 modified 2020-06-02 plugin id 131770 published 2019-12-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131770 title NewStart CGSL MAIN 4.06 : dovecot Vulnerability (NS-SA-2019-0211) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2281.NASL description This update for dovecot23 fixes the following issues : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129709 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129709 title openSUSE Security Update : dovecot23 (openSUSE-2019-2281) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2514-1.NASL description This update for dovecot23 fixes the following issues : CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129554 published 2019-10-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129554 title SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:2514-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0220_DOVECOT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dovecot packages installed that are affected by a vulnerability: - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-06-01 modified 2020-06-02 plugin id 131415 published 2019-12-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131415 title NewStart CGSL CORE 5.04 / MAIN 5.04 : dovecot Vulnerability (NS-SA-2019-0220) NASL family Fedora Local Security Checks NASL id FEDORA_2019-59D60BD1FA.NASL description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128568 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128568 title Fedora 29 : 1:dovecot (2019-59d60bd1fa) NASL family Fedora Local Security Checks NASL id FEDORA_2019-3844281BE1.NASL description - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128434 published 2019-09-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128434 title Fedora 30 : 1:dovecot (2019-3844281be1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201908-29.NASL description The remote host is affected by the vulnerability described in GLSA-201908-29 (Dovecot: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker could send a specially crafted mail or use crafted IMAP commands possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 128444 published 2019-09-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128444 title GLSA-201908-29 : Dovecot: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2885.NASL description An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es) : * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129276 published 2019-09-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129276 title RHEL 6 : dovecot (RHSA-2019:2885) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4110-1.NASL description Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128320 published 2019-08-29 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128320 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : dovecot vulnerability (USN-4110-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_ABAAECDAEA1643E2BAD0D34A9AC576B1.NASL description Aki Tuomi reports : Vulnerability Details : IMAP and ManageSieve protocol parsers do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Risk : This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 bytes in pre-login phase, and 65536 bytes post-login phase, allowing sufficiently skilled attacker to perform complicated attacks that can lead to leaking private information or remote code execution. Abuse of this bug is very difficult to observe, as it does not necessarily cause a crash. Attempts to abuse this bug are not directly evident from logs. last seen 2020-06-01 modified 2020-06-02 plugin id 128310 published 2019-08-29 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128310 title FreeBSD : Dovecot -- improper input validation (abaaecda-ea16-43e2-bad0-d34a9ac576b1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2138.NASL description According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-05-08 modified 2019-11-12 plugin id 130847 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130847 title EulerOS 2.0 SP5 : dovecot (EulerOS-SA-2019-2138) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4510.NASL description Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 128307 published 2019-08-29 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128307 title Debian DSA-4510-1 : dovecot - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2278.NASL description This update for dovecot23 fixes the following issue : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129706 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129706 title openSUSE Security Update : dovecot23 (openSUSE-2019-2278) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2372.NASL description According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.(CVE-2017-15130) - A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.(CVE-2017-14461) - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because last seen 2020-05-08 modified 2019-12-10 plugin id 131864 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131864 title EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2019-2372)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://www.openwall.com/lists/oss-security/2019/08/28/3
- https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html
- https://www.dovecot.org/security.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html
- https://security.gentoo.org/glsa/201908-29
- https://access.redhat.com/errata/RHSA-2019:2822
- https://access.redhat.com/errata/RHSA-2019:2836
- https://access.redhat.com/errata/RHSA-2019:2885
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/