Details of VAR-201803-0134

ID

VAR-201803-0134

CVE

CVE-2017-14461

TITLE

Dovecot Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2017-012764

DESCRIPTION

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Dovecot Contains an out-of-bounds vulnerability and an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Dovecot is an open source IMAP and POP3 mail server based on Linux/UNIX-like systems. A cross-boundary read vulnerability exists in Dovecot version 2.2.33.2. This vulnerability can be used to cause denial of service and access to sensitive information. Dovecot is prone to an information-disclosure vulnerability. Failed exploit attempts will result in a denial-of-service condition. Dovecot 2.2.33.2 is vulnerable; other versions may also be affected. ========================================================================== Ubuntu Security Notice USN-3587-2 April 02, 2018 dovecot vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Dovecot incorrectly handled parsing certain email addresses. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups. (CVE-2017-15130) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: dovecot-core 1:2.0.19-0ubuntu2.5 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3587-2 https://usn.ubuntu.com/usn/usn-3587-1 CVE-2017-14461, CVE-2017-15130 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4130-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dovecot CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Debian Bug : 888432 891819 891820 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication. For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4. For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqZzelfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T8fg/+KmUzgEXDQFSnWOmSt+8GXFB08C2XtXmopMuej/1tjkZZ7B04vXfkgYZ9 u7zICbM56VrTmnXOYnLuXjqLrzGO0Y9jX+Z5G4BSw0TgP+g6ME72ZvqxuE4IKQqi QlaKTX86B1AMpzvkLrhwXlArJDr7pJzOonFJds6rKtVA4OvY4/fAAWrH89BFchet VwdO5rngcd/qnAYVOZglTMfgVlzxvenx+0fbQ6JFS6T8ODOFSsnwth64u3KY8yYj 4PGTBqX4m+2S2q2qGinueBgHNUV4RK71Zw1QYDa2gMBQR3HtlMnDhmQ4uYCvKP04 Z1GJYX6dMxMSWPKC2WecrdCSV+QAdMlYypKbhqcLA4LHcdPR+v35oQT4X/SYd2WS Zf50KMYUm9Q3YiOHVDrJo+o21hX4g8hRw1wdewZz+wyQ1n1TOlVtRh4vmACKRzNx 7bUayEvVU3q3VQd+dDH2Bl+TBiO7RB5/b2pHp8vHwAlVX00jYSSnoLUKT0L4BQ54 +1DZ8j88OFKDxTgOsbk19rhfraY7iejAjHZDVnJBwC/tB9REG6DOrDIG4OJqTKw4 sP1JaHryOGXzOf/8h61rY5HAuwofGkAZN7S+Bel0+zGYJvIcSyxpBKvJB/0TDNjm E5KphLFG9RGVmdeVkQzG6tGUMnMXxFrAD5U3hlzUsNGLLA+RE78= =Yh09 -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2017-14461 // JVNDB: JVNDB-2017-012764 // CNVD: CNVD-2018-06399 // BID: 103201 // PACKETSTORM: 147005 // PACKETSTORM: 146647 // PACKETSTORM: 146656

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-06399

AFFECTED PRODUCTS

vendor:	dovecot	model:	dovecot	scope:	eq	version:	2.2.33.2	Trust: 1.9
vendor:	ubuntu	model:	ubuntu	scope:	eq	version:	17.10	Trust: 1.6
vendor:	ubuntu	model:	ubuntu	scope:	eq	version:	16.04	Trust: 1.6
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	ubuntu	model:	ubuntu	scope:	eq	version:	14.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	timo sirainen	model:	dovecot	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2018-06399 // BID: 103201 // JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14461
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2017-14461
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-14461
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-06399
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-607
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-14461
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-06399
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-14461
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.0
Trust: 1.8
talos-cna@cisco.com:	CVE-2017-14461
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	4.2
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2018-06399 // JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461 // NVD: CVE-2017-14461

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.8
problemtype:	CWE-200	Trust: 1.8

sources: JVNDB: JVNDB-2017-012764 // NVD: CVE-2017-14461

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 147005 // PACKETSTORM: 146647 // CNNVD: CNNVD-201709-607

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012764

PATCH

title:	[SECURITY] [DLA 1333-1] dovecot security update	url:	https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html	Trust: 0.8
title:	DSA-4130	url:	https://www.debian.org/security/2018/dsa-4130	Trust: 0.8
title:	[Dovecot-news] v2.2.34 released	url:	https://www.dovecot.org/list/dovecot-news/2018-February/000370.html	Trust: 0.8
title:	USN-3587-1	url:	https://usn.ubuntu.com/3587-1/	Trust: 0.8
title:	USN-3587-2	url:	https://usn.ubuntu.com/3587-2/	Trust: 0.8
title:	Dovecot Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190036	Trust: 0.6

sources: JVNDB: JVNDB-2017-012764 // CNNVD: CNNVD-201709-607

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14461	Trust: 3.6
db:	TALOS	id:	TALOS-2017-0510	Trust: 2.5
db:	BID	id:	103201	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-012764	Trust: 0.8
db:	CNVD	id:	CNVD-2018-06399	Trust: 0.6
db:	CNNVD	id:	CNNVD-201709-607	Trust: 0.6
db:	PACKETSTORM	id:	147005	Trust: 0.1
db:	PACKETSTORM	id:	146647	Trust: 0.1
db:	PACKETSTORM	id:	146656	Trust: 0.1

sources: CNVD: CNVD-2018-06399 // BID: 103201 // JVNDB: JVNDB-2017-012764 // PACKETSTORM: 147005 // PACKETSTORM: 146647 // PACKETSTORM: 146656 // CNNVD: CNNVD-201709-607 // NVD: CVE-2017-14461

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2017-0510	Trust: 2.2
url:	https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html	Trust: 1.6
url:	https://www.debian.org/security/2018/dsa-4130	Trust: 1.6
url:	https://usn.ubuntu.com/3587-2/	Trust: 1.6
url:	https://usn.ubuntu.com/3587-1/	Trust: 1.6
url:	https://www.dovecot.org/list/dovecot-news/2018-february/000370.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/103201	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14461	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14461	Trust: 0.8
url:	http://www.dovecot.org/	Trust: 0.3
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2017-0510	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15130	Trust: 0.3
url:	https://usn.ubuntu.com/usn/usn-3587-1	Trust: 0.2
url:	https://usn.ubuntu.com/usn/usn-3587-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/dovecot/1:2.2.27-3ubuntu1.3	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15132	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/dovecot	Trust: 0.1

CREDITS

Aleksandar Nikolic of Cisco Talos.

Trust: 0.3

sources: BID: 103201

SOURCES

db:	CNVD	id:	CNVD-2018-06399
db:	BID	id:	103201
db:	JVNDB	id:	JVNDB-2017-012764
db:	PACKETSTORM	id:	147005
db:	PACKETSTORM	id:	146647
db:	PACKETSTORM	id:	146656
db:	CNNVD	id:	CNNVD-201709-607
db:	NVD	id:	CVE-2017-14461

LAST UPDATE DATE

2024-08-14T13:46:13.381000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-06399	date:	2018-03-27T00:00:00
db:	BID	id:	103201	date:	2018-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-012764	date:	2018-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201709-607	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2017-14461	date:	2022-04-19T19:15:17.503

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-06399	date:	2018-03-27T00:00:00
db:	BID	id:	103201	date:	2018-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-012764	date:	2018-04-16T00:00:00
db:	PACKETSTORM	id:	147005	date:	2018-04-02T16:54:55
db:	PACKETSTORM	id:	146647	date:	2018-03-05T22:23:00
db:	PACKETSTORM	id:	146656	date:	2018-03-05T23:45:22
db:	CNNVD	id:	CNNVD-201709-607	date:	2017-09-15T00:00:00
db:	NVD	id:	CVE-2017-14461	date:	2018-03-02T15:29:00.210