openEuler 20.03 LTS update for dovecot

Published: 2020-08-31

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2020-10967 CVE-2020-10958 CVE-2020-10957
CWE-ID	CWE-20 CWE-416 CWE-476
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available.
Vulnerable software	openEuler Operating systems & Components / Operating system dovecot-help Operating systems & Components / Operating system package or component dovecot-devel Operating systems & Components / Operating system package or component dovecot-debugsource Operating systems & Components / Operating system package or component dovecot-debuginfo Operating systems & Components / Operating system package or component dovecot Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU27984

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-10967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input passed via email message. A remote attacker can send a specially crafted email with empty quoted localpart and crash the submission or lmtp service.

PoC:

Send mail with envelope sender or recipient as ``<""@example.org>``.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

dovecot-help: before 2.3.10.1-1

dovecot-devel: before 2.3.10.1-1

dovecot-debugsource: before 2.3.10.1-1

dovecot-debuginfo: before 2.3.10.1-1

dovecot: before 2.3.10.1-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1041

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free

EUVDB-ID: #VU27983

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing newline characters. A remote attacker can a specially crafted command to submission, submission-login or lmtp service and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

dovecot-help: before 2.3.10.1-1

dovecot-devel: before 2.3.10.1-1

dovecot-debugsource: before 2.3.10.1-1

dovecot-debuginfo: before 2.3.10.1-1

dovecot: before 2.3.10.1-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1041

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU27981

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-10957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing NOOP command. A remote attacker can send a specially crafted NOOP command to submission, submission-login or lmtp service, trigger a NULL pointer dereference and perform a denial of service attack.

PoC command:

``NOOP EE"FY``

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

dovecot-help: before 2.3.10.1-1

dovecot-devel: before 2.3.10.1-1

dovecot-debugsource: before 2.3.10.1-1

dovecot-debuginfo: before 2.3.10.1-1

dovecot: before 2.3.10.1-1

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1041

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.