Test Kennung:	1.3.6.1.4.1.25623.1.0.113215
Kategorie:	Denial of Service
Titel:	Dovecot User Authentication Denial of Service Vulnerability
Zusammenfassung:	Dovecot is prone to a Denial of Service vulnerability within the user authentication.
Beschreibung:	Summary: Dovecot is prone to a Denial of Service vulnerability within the user authentication. Vulnerability Insight: When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand() to perform %variable expansion. Sending specially crafed %variable fields can result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. Vulnerability Impact: Successful exploitation would allow an attacker to temporarily deny every user to access the application. Affected Software/OS: Dovecot versions 2.2.26 through 2.2.28. Solution: Update to version 2.2.29. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2669 BugTraq ID: 97536 http://www.securityfocus.com/bid/97536 Debian Security Information: DSA-3828 (Google Search) https://www.debian.org/security/2017/dsa-3828 https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html http://www.openwall.com/lists/oss-security/2017/04/11/1
Copyright	Copyright (C) 2018 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.