Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Apr 2015 01:53:24 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Dovecot remote DoS on TLS connections

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The current Dovecot (2.2.16) imap/pop3 server has an issue that
> handshake failures will lead to a crash of the login process.

> can cause the imap-login
> and pop3-login processes to crash on handshake failures

> An example where this is triggered is if the server is configured to
> not allow SSLv3 connections and a client tries to connect with SSLv3
> only.

> The reason is that the error handling routine will try to finish the
> handshake and that will crash. Details here:
> http://dovecot.org/pipermail/dovecot/2015-April/100618.html

Use CVE-2015-3420.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVPc40AAoJEKllVAevmvmsjm0IALZ9S88W+i5Z2yyVbzXWpzj3
DtNlA3z4eOTidJST+DqlmoaBbU+chSuON/0P6Wtkeoj62AiWU8EKmnCTmlJ+KmKX
FUtesTpxz26xeMC62tZpyo+KH+0NqSPALStj7QIxlY6yJpe9Sfvmg9I+AomLbLyW
8yWqxnINOpIWAmIMWgMkotn97y1+StSY8kbf0yhr8by03Zk4WqYNzpmg1AJ0EwPe
27aJ9leFdvufSShEmAJynX2KiPNhe07Vtauv8Fk1dCynLel0rnBg2KuuygoEH+6l
MZ4p3Svmbb4NLiwGCeg93hNFMxDNDkMv4mUVC/FRz9Co6NVqGeptgFCxUr9T+4w=
=2DrH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ