Test ID: | 1.3.6.1.4.1.25623.1.0.113215 |
Category: | Denial of Service |
Title: | Dovecot User Authentication Denial of Service Vulnerability |
Summary: | Dovecot is prone to a Denial of Service vulnerability within the user authentication. |
Description: | Summary: Dovecot is prone to a Denial of Service vulnerability within the user authentication. Vulnerability Insight: When 'dict' passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is passed through var_expand() to perform %variable expansion. Sending specially crafted %variable fields can result in excessive memory usage, causing the process to crash (and restart), or excessive CPU usage, causing all authentications to hang. Vulnerability Impact: Successful exploitation would allow an attacker to temporarily deny every user access to the application. Affected Software/OS: Dovecot versions 2.2.26 through 2.2.28. Solution: Update to version 2.2.29. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-2669; BugTraq ID: 97536, http://www.securityfocus.com/bid/97536; Debian Security Information: DSA-3828, https://www.debian.org/security/2017/dsa-3828; https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html; http://www.openwall.com/lists/oss-security/2017/04/11/1 |
Copyright | Copyright (C) 2018 Greenbone AG |