Date: Wed, 10 Mar 2010 18:30:46 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com> Subject: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header Hi Steve, vendors, Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP server:  http://www.dovecot.org/list/dovecot-news/2010-March/000152.html addressing one denial of service issue (from upstream announcement): "mbox users really should upgrade, because by sending a message with a huge header you could basically cause a DoS (this problem exists only with v1.2.x, not with v1.0 or v1.1)." References:  http://dovecot.org/pipermail/dovecot/2010-February/047190.html  http://dovecot.org/pipermail/dovecot/2010-February/047058.html  http://secunia.com/advisories/38881/ Could you allocate a CVE id for it? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ