security/vuxml: Report multiple dovecot vulnerabilities.

svn path=/head/; revision=535775
2025-01-26 09:46:09 +00:00 · 2020-05-18 19:00:35 +00:00 · 2020-05-18 19:00:35 +00:00 · 361f82f61c · 2021-03-31 03:12:20 +00:00
commit 361f82f61c
parent 8698a3efcb
1 changed files with 71 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,77 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="37d106a8-15a4-483e-8247-fcb68b16eaf8">
+    <topic>Dovecot -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>dovecot</name>
+	<range><lt>2.3.10.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Aki Tuomi reports:</p>
+	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html">
+	  <p>Vulnerability Details:
+	Sending malformed NOOP command causes crash in submission, submission-login or
+	lmtp service.
+
+Risk:
+	Remote attacker can keep submission-login service down, causing denial of
+	service attack. For lmtp the risk is neglible, as lmtp is usually behind a
+	trusted MTA.
+
+Steps to reproduce:
+	Send ``NOOP EE"FY`` to submission port, or similarly malformed command.</p>
+	  <p>Vulnerability Details:
+
+	Sending command followed by sufficient number of newlines triggers a
+	use-after-free bug that might crash submission-login, submission or
+	lmtp service.
+
+Risk:
+
+	Remote attacker can keep submission-login service down, causing denial
+	of service attack. For lmtp the risk is neglible, as lmtp is usually
+	behind a trusted MTA.
+
+Steps to reproduce:
+
+	This can be currently reproduced with ASAN or Valgrind. Reliable way to
+	crash has not yet been discovered.
+	</p>
+	<p>Vulnerability Details:
+	Sending mail with empty quoted localpart causes submission or lmtp component
+	to crash.
+
+Risk:
+	Malicious actor can cause denial of service to mail delivery by repeatedly
+	sending mails with bad sender or recipient address.
+
+Steps to reproduce:
+	Send mail with envelope sender or recipient as &lt;""@example.org&gt;.
+
+Workaround:
+	For submission there is no workaround, but triggering the bug requires valid
+	credentials.
+	For lmtp, one can implement sufficient filtering on MTA level to prevent mails
+	  with such addresses from ending up in LMTP delivery.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html</url>
+      <cvename>CVE-2020-10957</cvename>
+      <cvename>CVE-2020-10958</cvename>
+      <cvename>CVE-2020-10967</cvename>
+    </references>
+    <dates>
+      <discovery>2020-04-02</discovery>
+      <entry>2020-05-18</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="91ce95d5-cd15-4105-b942-af5ccc7144c1">
    <topic>clamav -- multiple vulnerabilities</topic>
    <affects>