ArchLinux: 202005-9: dovecot: multiple issues

    Date 23 May 2020
    Posted By LinuxSecurity Advisories
    The package dovecot before version 2.3.10.1-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
    Arch Linux Security Advisory ASA-202005-9
    =========================================
    
    Severity: High
    Date    : 2020-05-19
    CVE-ID  : CVE-2020-10957 CVE-2020-10958 CVE-2020-10967
    Package : dovecot
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1162
    
    Summary
    =======
    
    The package dovecot before version 2.3.10.1-1 is vulnerable to multiple
    issues including arbitrary code execution and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 2.3.10.1-1.
    
    # pacman -Syu "dovecot>=2.3.10.1-1"
    
    The problems have been fixed upstream in version 2.3.10.1.
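As an added example that is not part of the advisory, the check below parses `pacman -Q dovecot` output and decides whether the installed package is still below the fixed 2.3.10.1-1. It orders versions the way Arch does at a high level (epoch, then pkgver segments, then pkgrel); the segment comparison is a simplified approximation written here, not pacman's own vercmp code, and it ignores pre-release suffixes such as rc.

```python
import re
import subprocess

FIXED_VERSION = "2.3.10.1-1"  # fixed version named in ASA-202005-9

# Split a version string into alternating numeric and alphabetic runs,
# e.g. "2.3.10.1" -> ["2", "3", "10", "1"].
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def _split(version):
    """Return (epoch, pkgver, pkgrel) from '[epoch:]pkgver[-pkgrel]'."""
    epoch, pkgver, pkgrel = 0, version, "0"
    if ":" in pkgver:
        e, pkgver = pkgver.split(":", 1)
        epoch = int(e)
    if "-" in pkgver:
        pkgver, pkgrel = pkgver.rsplit("-", 1)
    return epoch, pkgver, pkgrel


def _cmp_segments(a, b):
    """Simplified vercmp-style ordering: numeric segments compare as integers,
    alphabetic ones lexically, numeric beats alphabetic, and when all shared
    segments are equal the string with more segments is newer
    (so 2.3.10.1 > 2.3.10). Assumption: no special handling of rc/beta tags."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vercmp(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    ea, va, ra = _split(a)
    eb, vb, rb = _split(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return _cmp_segments(va, vb) or _cmp_segments(ra, rb)


def is_affected(pacman_q_line, fixed=FIXED_VERSION):
    """True if a 'dovecot <version>' line (pacman -Q format) is below the fix."""
    name, version = pacman_q_line.split()
    if name != "dovecot":
        raise ValueError("expected a pacman -Q line for dovecot")
    return vercmp(version, fixed) < 0


if __name__ == "__main__":
    line = subprocess.run(["pacman", "-Q", "dovecot"], capture_output=True,
                          text=True, check=True).stdout.strip()
    print(line, "-> AFFECTED" if is_affected(line) else "-> fixed")
```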
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-10957 (denial of service)
    
    A NULL-pointer dereference issue has been found in Dovecot before
    2.3.10.1 in the lmtp/submission component. A client can crash the
    server by sending a NOOP command with an invalid string parameter. This
    occurs particularly for a parameter that doesn't start with a double
    quote. This applies to all SMTP services, including submission-login,
    which makes it possible to crash the submission service without
    authentication.
    
    - CVE-2020-10958 (arbitrary code execution)
    
    A security issue has been found in Dovecot before 2.3.10.1 in the
    lmtp/submission component. Sending many invalid or unknown commands can
    cause the server to access freed memory, which can lead to a server
    crash. This happens when the server closes the connection with a "421
    Too many invalid commands" error. The bad command limit depends on the
    service (lmtp or submission) and varies between 10 and 20 bad commands.
    
    - CVE-2020-10967 (denial of service)
    
    A security issue has been found in Dovecot before 2.3.10.1 in the
    lmtp/submission component. An authenticated attacker could send an
    e-mail via the submission service with an empty quoted localpart which
    would cause the submission or lmtp component to crash. An
    unauthenticated attacker could send an e-mail with a bad sender or
    recipient address, causing the e-mail to be passed to LMTP for delivery
    and then crash the LMTP component unless some kind of filtering has
    been set up on the MTA level.
    
    Impact
    ======
    
    A remote, unauthenticated attacker can crash the server, causing a
    denial of service. Under certain circumstances it might be possible for
    a remote attacker to execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
    https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
    https://github.com/dovecot/core/commit/d143ca6b7ee1196ae3eafffbf6dee71a95a5e0b8
    https://github.com/dovecot/core/commit/606724bd528b92347dce580d3ab48fc1e3c2f4d7
    https://github.com/dovecot/core/commit/aedb205c79395de77127fb7166b29b09319df23c
    https://github.com/dovecot/core/commit/874817b169d19a4ae51d80ad5798a396bfe90136
    https://github.com/dovecot/core/commit/5efeccc10beccbf8d7700adec1278f97d416cbc6
    https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
    https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
    https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b
    https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d
    https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031
    https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8
    https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd
    https://security.archlinux.org/CVE-2020-10957
    https://security.archlinux.org/CVE-2020-10958
    https://security.archlinux.org/CVE-2020-10967
    