oss-sec mailing list archives
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
From: Matthias Weckbecker <mweckbecker () suse de>
Date: Tue, 04 Dec 2012 18:12:29 +0100
Hi Kurt, Vincent, vendors, ...

Quoting Kurt Seifried <kseifried () redhat com>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/03/2012 10:33 AM, Vincent Danen wrote:
> > Could a CVE be assigned for the following please? Dovecot 2.1.11 was
> > released and includes a fix for a crash condition when the IMAP server
> > was issued a SEARCH command with multiple KEYWORD parameters. An
> > authenticated remote user could use this flaw to crash Dovecot.
> > [...]
> > Thanks.
>
> Please use CVE-2012-5620 for this issue.

We were discussing this issue too at [1] and think that it only affects the current connection; no subsequent (i.e. new) connections are affected. What's your opinion wrt this?

[1] https://bugzilla.novell.com/show_bug.cgi?id=792642

> - --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

[...]

Thanks,
Matthias

--
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0; http://opensuse.org/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg)