ID

VAR-201803-0134


CVE

CVE-2017-14461


TITLE

Dovecot Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2017-012764

DESCRIPTION

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Dovecot Contains an out-of-bounds vulnerability and an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Dovecot is an open source IMAP and POP3 mail server based on Linux/UNIX-like systems. A cross-boundary read vulnerability exists in Dovecot version 2.2.33.2. This vulnerability can be used to cause denial of service and access to sensitive information. Dovecot is prone to an information-disclosure vulnerability. Failed exploit attempts will result in a denial-of-service condition. Dovecot 2.2.33.2 is vulnerable; other versions may also be affected. ========================================================================== Ubuntu Security Notice USN-3587-2 April 02, 2018 dovecot vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Dovecot incorrectly handled parsing certain email addresses. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups. (CVE-2017-15130) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: dovecot-core 1:2.0.19-0ubuntu2.5 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3587-2 https://usn.ubuntu.com/usn/usn-3587-1 CVE-2017-14461, CVE-2017-15130 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4130-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dovecot CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Debian Bug : 888432 891819 891820 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication. For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4. For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqZzelfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T8fg/+KmUzgEXDQFSnWOmSt+8GXFB08C2XtXmopMuej/1tjkZZ7B04vXfkgYZ9 u7zICbM56VrTmnXOYnLuXjqLrzGO0Y9jX+Z5G4BSw0TgP+g6ME72ZvqxuE4IKQqi QlaKTX86B1AMpzvkLrhwXlArJDr7pJzOonFJds6rKtVA4OvY4/fAAWrH89BFchet VwdO5rngcd/qnAYVOZglTMfgVlzxvenx+0fbQ6JFS6T8ODOFSsnwth64u3KY8yYj 4PGTBqX4m+2S2q2qGinueBgHNUV4RK71Zw1QYDa2gMBQR3HtlMnDhmQ4uYCvKP04 Z1GJYX6dMxMSWPKC2WecrdCSV+QAdMlYypKbhqcLA4LHcdPR+v35oQT4X/SYd2WS Zf50KMYUm9Q3YiOHVDrJo+o21hX4g8hRw1wdewZz+wyQ1n1TOlVtRh4vmACKRzNx 7bUayEvVU3q3VQd+dDH2Bl+TBiO7RB5/b2pHp8vHwAlVX00jYSSnoLUKT0L4BQ54 +1DZ8j88OFKDxTgOsbk19rhfraY7iejAjHZDVnJBwC/tB9REG6DOrDIG4OJqTKw4 sP1JaHryOGXzOf/8h61rY5HAuwofGkAZN7S+Bel0+zGYJvIcSyxpBKvJB/0TDNjm E5KphLFG9RGVmdeVkQzG6tGUMnMXxFrAD5U3hlzUsNGLLA+RE78= =Yh09 -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2017-14461 // JVNDB: JVNDB-2017-012764 // CNVD: CNVD-2018-06399 // BID: 103201 // PACKETSTORM: 147005 // PACKETSTORM: 146647 // PACKETSTORM: 146656

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06399

AFFECTED PRODUCTS

vendor:dovecotmodel:dovecotscope:eqversion:2.2.33.2

Trust: 1.9

vendor:ubuntumodel:ubuntuscope:eqversion:17.10

Trust: 1.6

vendor:ubuntumodel:ubuntuscope:eqversion:16.04

Trust: 1.6

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:ubuntumodel:ubuntuscope:eqversion:14.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:canonicalmodel:ubuntuscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:timo sirainenmodel:dovecotscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2018-06399 // BID: 103201 // JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14461
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-14461
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14461
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06399
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-607
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-14461
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06399
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-14461
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-14461
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 4.2
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2018-06399 // JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461 // NVD: CVE-2017-14461

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-012764 // NVD: CVE-2017-14461

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 147005 // PACKETSTORM: 146647 // CNNVD: CNNVD-201709-607

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012764

PATCH

title:[SECURITY] [DLA 1333-1] dovecot security updateurl:https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html

Trust: 0.8

title:DSA-4130url:https://www.debian.org/security/2018/dsa-4130

Trust: 0.8

title:[Dovecot-news] v2.2.34 releasedurl:https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Trust: 0.8

title:USN-3587-1url:https://usn.ubuntu.com/3587-1/

Trust: 0.8

title:USN-3587-2url:https://usn.ubuntu.com/3587-2/

Trust: 0.8

title:Dovecot Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190036

Trust: 0.6

sources: JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607

EXTERNAL IDS

db:NVDid:CVE-2017-14461

Trust: 3.6

db:TALOSid:TALOS-2017-0510

Trust: 2.5

db:BIDid:103201

Trust: 2.5

db:JVNDBid:JVNDB-2017-012764

Trust: 0.8

db:CNVDid:CNVD-2018-06399

Trust: 0.6

db:CNNVDid:CNNVD-201709-607

Trust: 0.6

db:PACKETSTORMid:147005

Trust: 0.1

db:PACKETSTORMid:146647

Trust: 0.1

db:PACKETSTORMid:146656

Trust: 0.1

sources: CNVD: CNVD-2018-06399 // BID: 103201 // JVNDB: JVNDB-2017-012764 // PACKETSTORM: 147005 // PACKETSTORM: 146647 // PACKETSTORM: 146656 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0510

Trust: 2.2

url:https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html

Trust: 1.6

url:https://www.debian.org/security/2018/dsa-4130

Trust: 1.6

url:https://usn.ubuntu.com/3587-2/

Trust: 1.6

url:https://usn.ubuntu.com/3587-1/

Trust: 1.6

url:https://www.dovecot.org/list/dovecot-news/2018-february/000370.html

Trust: 1.6

url:http://www.securityfocus.com/bid/103201

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-14461

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14461

Trust: 0.8

url:http://www.dovecot.org/

Trust: 0.3

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0510

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-15130

Trust: 0.3

url:https://usn.ubuntu.com/usn/usn-3587-1

Trust: 0.2

url:https://usn.ubuntu.com/usn/usn-3587-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dovecot/1:2.2.27-3ubuntu1.3

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15132

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/dovecot

Trust: 0.1

sources: CNVD: CNVD-2018-06399 // BID: 103201 // JVNDB: JVNDB-2017-012764 // PACKETSTORM: 147005 // PACKETSTORM: 146647 // PACKETSTORM: 146656 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461

CREDITS

Aleksandar Nikolic of Cisco Talos.

Trust: 0.3

sources: BID: 103201

SOURCES

db:CNVDid:CNVD-2018-06399
db:BIDid:103201
db:JVNDBid:JVNDB-2017-012764
db:PACKETSTORMid:147005
db:PACKETSTORMid:146647
db:PACKETSTORMid:146656
db:CNNVDid:CNNVD-201709-607
db:NVDid:CVE-2017-14461

LAST UPDATE DATE

2024-08-14T13:46:13.381000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-06399date:2018-03-27T00:00:00
db:BIDid:103201date:2018-03-01T00:00:00
db:JVNDBid:JVNDB-2017-012764date:2018-04-16T00:00:00
db:CNNVDid:CNNVD-201709-607date:2022-04-20T00:00:00
db:NVDid:CVE-2017-14461date:2022-04-19T19:15:17.503

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-06399date:2018-03-27T00:00:00
db:BIDid:103201date:2018-03-01T00:00:00
db:JVNDBid:JVNDB-2017-012764date:2018-04-16T00:00:00
db:PACKETSTORMid:147005date:2018-04-02T16:54:55
db:PACKETSTORMid:146647date:2018-03-05T22:23:00
db:PACKETSTORMid:146656date:2018-03-05T23:45:22
db:CNNVDid:CNNVD-201709-607date:2017-09-15T00:00:00
db:NVDid:CVE-2017-14461date:2018-03-02T15:29:00.210