oss-sec mailing list archives

Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header

From: Josh Bressers <bressers () redhat com>
Date: Thu, 1 Apr 2010 11:52:06 -0400 (EDT)

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP
   server: [1]

   http://www.dovecot.org/list/dovecot-news/2010-March/000152.html

   addressing one denial of service issue (from upstream announcement):
   "mbox users really should upgrade, because by sending a message with a
   huge header you could basically cause a DoS (this problem exists only
   with v1.2.x, not with v1.0 or v1.1)."

   References:
     [2] http://dovecot.org/pipermail/dovecot/2010-February/047190.html
     [3] http://dovecot.org/pipermail/dovecot/2010-February/047058.html
     [4] http://secunia.com/advisories/38881/


Please use CVE-2010-0745

Thanks.

-- 
    JB

Current thread:

Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header Josh Bressers (Apr 01)