Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4867175.ZVKOe4YAr4@devil>
Date: Tue, 21 May 2013 20:58:04 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability

>From the secunia advisory SA53492[1] :

Description
A vulnerability has been reported in Dovecot, which can be exploited by 
malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within IMAP functionality when 
processing the "APPEND" parameters and can be exploited to cause a hang.

The vulnerability is reported in version 2.2.


Solution
Update to version 2.2.2.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://www.dovecot.org/list/dovecot-news/2013-May/000255.html

Commit:
http://hg.dovecot.org/dovecot-2.2/rev/ea0390e1789f

[1]: https://secunia.com/advisories/53492/

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.