lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1076442947.215.1556631305811@appsuite-dev-guard.open-xchange.com>
Date: Tue, 30 Apr 2019 16:35:05 +0300 (EEST)
From: Aki Tuomi via Fulldisclosure <fulldisclosure@...lists.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
 "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Multiple vulnerabilities in Dovecot 2.3

Dear subscribers, we have been made aware of two critical vulnerabilities in Dovecot 2.3. Please find patches attached for 2.3.5.2.

---
Aki Tuomi
Open-Xchange oy

------

Open-Xchange Security Advisory 2019-04-30

Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3212 (Bug ID)
Vulnerability type: CWE-476
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Researcher credits: Marcelo Coelho
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notificatio: 2019-03-11
Solution date: 2019-04-23
Public disclosure: 2019-04-30Q
CVE reference: CVE-2019-11494
CVSS: 7.5 (CVSS3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:
Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker(s).

Workaround:
There is no available workaround for this issue.

Solution:
Operators should upgrade to a fixed version.

----

Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3223 (Bug ID)
Vulnerability type: CWE-617
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notification: 2019-03-11
Solution date: 2019-04-23
Public disclosure: 2019-04-30
CVE reference: CVE-2019-11499
CVSS: 7.5 (CVSS3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:
Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent. This can lead to denial-of-service attack by persistent attacker(s).

Workaround:
Authentication crash can be avoided if authentication is done without TLS.

Solution:
Operators should upgrade to a fixed version.
View attachment "0001-submission-login-Remove-unused-client-pending_startt.patch" of type "text/x-patch" (843 bytes)

View attachment "0002-submission-login-client-authenticate-Fix-crash-occur.patch" of type "text/x-patch" (1391 bytes)

View attachment "0003-lib-smtp-smtp-server-cmd-auth-Fix-AUTH-response-erro.patch" of type "text/x-patch" (1466 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (476 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ