Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 9 May 2014 16:55:12 -0400 (EDT)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Denial of Service attacks against Dovecot v1.1+

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> This "destroy oldest connection" however hasn't been working in v1.1+
> releases for connections that have started SSL/TLS handshake
> 
> http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
> http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3
> http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339
> http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc
> http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b
> http://hg.dovecot.org/dovecot-1.1/rev/fe0e6550585c

Use CVE-2014-3430.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTbUBwAAoJEKllVAevmvmsIgAH+wQ9ncZEPXDAjJq3w+6r1zxG
P2Sb1emKfynjlYwhYd1fIH/RAV3nOqneQRwAfeUmJ3PjKTmswkmkt7H++kfcx1Kk
JI3ZHf6Ao+1vgcm1hGzmkhwpi/FHZqzTCfu/AWOTt0R2xk0WGx2z+2C8ai/z+3xy
qW3llZ0QY61am9leFdbq70c9RtJkOkV2sZBMGjh1hgacVilCw9MuqNEMXhmE4qvu
y2i0x1WHbxosedC3iZ45K/PeypnA11Z587KVrRClfe/8aUAnixiSKnvZKhO/gk34
q3RNUX2lEWaQqTu8qk95iu6rpajG/1/HhUyRLR93hE7J3AvExe2PTcY/l+yJDa0=
=2pQZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ