SB2021062107 - Multiple vulnerabilities in Dovecot

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2020-28200)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within regex sieve extension. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) Path traversal (CVE-ID: CVE-2021-29157)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to validation of kid and azp fields in JWT tokens. A local user to ability to control a JWT token location can login as any MTA user and access their emails.

3) Code injection (CVE-ID: CVE-2021-33515)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the way STARTTLS command in processed by the SMTP server. the commands sent during the session before the STARTTLS command are queued and executed later, after the STARTTLS finished with the client. As a result, a remote attacker can perform a MitM attack and gain access to victim's emails.

Remediation

Install update from vendor's website.

References

• https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
• https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
• https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html