Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 May 2014 21:32:54 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: dovecot denial of service

Hi,

we were made aware of a recently fixed DoS vulnerability in Dovecot,
which doesn't seem to have a CVE id assigned:

http://dovecot.org/list/dovecot-news/2014-May/000273.html

states:

* Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
  handshake was started but wasn't finished, the login process
  attempted to eventually forcibly disconnect the client, but failed
  to do it correctly. This could have left the connections hanging
  arond for a long time. (Affected Dovecot v1.1+)

Could a CVE be assigned for this vulnerability?

Thanks,
-- 
Yves-Alexis Perez - Debian Security



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ