Denial of Service : Dovecot 2.2 < 2.3.11.3 Multiple DoS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.108849

Categoría: Denial of Service

Título: Dovecot 2.2 < 2.3.11.3 Multiple DoS Vulnerabilities

Resumen: Dovecot is prone to multiple denial of service (DoS); vulnerabilities.

Descripción: Summary:
Dovecot is prone to multiple denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
Dovecot is prone to multiple vulnerabilities:

- The NTLM implementation does not correctly check message buffer size, which leads to reading past
allocation which can lead to crash. (CVE-2020-12673)

- The RPA mechanism implementation accepts zero-length message, which leads to assert-crash
later on. (CVE-2020-12674)

Affected Software/OS:
Dovecot versions 2.2 - 2.3.11.2.

Solution:
Update to version 2.3.11.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-12673
Debian Security Information: DSA-4745 (Google Search)
https://www.debian.org/security/2020/dsa-4745
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/
https://security.gentoo.org/glsa/202009-02
https://dovecot.org/security
https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html
SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html
SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html
https://usn.ubuntu.com/4456-1/
https://usn.ubuntu.com/4456-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-12674

Copyright Copyright (C) 2020 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.108849
Categoría:	Denial of Service
Título:	Dovecot 2.2 < 2.3.11.3 Multiple DoS Vulnerabilities
Resumen:	Dovecot is prone to multiple denial of service (DoS); vulnerabilities.
Descripción:	Summary: Dovecot is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: Dovecot is prone to multiple vulnerabilities: - The NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. (CVE-2020-12673) - The RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. (CVE-2020-12674) Affected Software/OS: Dovecot versions 2.2 - 2.3.11.2. Solution: Update to version 2.3.11.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12673 Debian Security Information: DSA-4745 (Google Search) https://www.debian.org/security/2020/dsa-4745 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/ https://security.gentoo.org/glsa/202009-02 https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html https://usn.ubuntu.com/4456-1/ https://usn.ubuntu.com/4456-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12674
Copyright	Copyright (C) 2020 Greenbone AG