Arch Linux Security Advisory ASA-202005-9
========================================
Severity: High
Date    : 2020-05-19
CVE-ID  : CVE-2020-10957 CVE-2020-10958 CVE-2020-10967
Package : dovecot
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1162

Summary
======
The package dovecot before version 2.3.10.1-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
=========
Upgrade to 2.3.10.1-1.

# pacman -Syu "dovecot>=2.3.10.1-1"

The problems have been fixed upstream in version 2.3.10.1.

Workaround
=========
None.

Description
==========
- CVE-2020-10957 (denial of service)

A NULL-pointer dereference issue has been found in Dovecot before
2.3.10.1 in the lmtp/submission component. A client can crash the
server by sending a NOOP command with an invalid string parameter. This
occurs particularly for a parameter that doesn't start with a double
quote. This applies to all SMTP services, including submission-login,
which makes it possible to crash the submission service without
authentication.

- CVE-2020-10958 (arbitrary code execution)

A security issue has been found in Dovecot before 2.3.10.1 in the
lmtp/submission component. Sending many invalid or unknown commands can
cause the server to access freed memory, which can lead to a server
crash. This happens when the server closes the connection with a "421
Too many invalid commands" error. The bad command limit depends on the
service (lmtp or submission) and varies between 10 to 20 bad commands.

- CVE-2020-10967 (denial of service)

A security issue has been found in Dovecot before 2.3.10.1 in the
lmtp/submission component. An authenticated attacker could send an
e-mail via the submission service with empty quoted localpart which
would cause the submission or lmtp component to crash. An
unauthenticated attacker could send an e-mail with a bad sender or
recipient address, causing the e-mail to be passed to LMTP for delivery
and then crash the LMTP component unless some kind of filtering has
been set up on the MTA level.

Impact
=====
A remote, unauthenticated attacker can crash the server, causing a
denial of service. Under certain circumstances it might be possible for
a remote attacker to execute arbitrary code on the affected host.

References
=========
https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html
https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
https://github.com/dovecot/core/commit/d143ca6b7ee1196ae3eafffbf6dee71a95a5e0b8
https://github.com/dovecot/core/commit/606724bd528b92347dce580d3ab48fc1e3c2f4d7
https://github.com/dovecot/core/commit/aedb205c79395de77127fb7166b29b09319df23c
https://github.com/dovecot/core/commit/874817b169d19a4ae51d80ad5798a396bfe90136
https://github.com/dovecot/core/commit/5efeccc10beccbf8d7700adec1278f97d416cbc6
https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1
https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4
https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b
https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d
https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031
https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8
https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd
https://security.archlinux.org/CVE-2020-10957
https://security.archlinux.org/CVE-2020-10958
https://security.archlinux.org/CVE-2020-10967

ArchLinux: 202005-9: dovecot: multiple issues

May 23, 2020

Summary

- CVE-2020-10957 (denial of service) A NULL-pointer dereference issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication.
- CVE-2020-10958 (arbitrary code execution)
A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands.
- CVE-2020-10967 (denial of service)
A security issue has been found in Dovecot before 2.3.10.1 in the lmtp/submission component. An authenticated attacker could send an e-mail via the submission service with empty quoted localpart which would cause the submission or lmtp component to crash. An unauthenticated attacker could send an e-mail with a bad sender or recipient address, causing the e-mail to be passed to LMTP for delivery and then crash the LMTP component unless some kind of filtering has been set up on the MTA level.

Resolution

Upgrade to 2.3.10.1-1. # pacman -Syu "dovecot>=2.3.10.1-1"
The problems have been fixed upstream in version 2.3.10.1.

References

https://dovecot.org/pipermail/dovecot-news/2020-May/000437.html https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html https://github.com/dovecot/core/commit/d143ca6b7ee1196ae3eafffbf6dee71a95a5e0b8 https://github.com/dovecot/core/commit/606724bd528b92347dce580d3ab48fc1e3c2f4d7 https://github.com/dovecot/core/commit/aedb205c79395de77127fb7166b29b09319df23c https://github.com/dovecot/core/commit/874817b169d19a4ae51d80ad5798a396bfe90136 https://github.com/dovecot/core/commit/5efeccc10beccbf8d7700adec1278f97d416cbc6 https://github.com/dovecot/core/commit/2b4f1e47a4ca8a192bf3f7e944c0ad07b21b2ed1 https://github.com/dovecot/core/commit/563bf21d8228a3c06c63b3f289a90ca3d0c579a4 https://github.com/dovecot/core/commit/18d5837748d3eafe56e080653d5ed0b3e221be0b https://github.com/dovecot/core/commit/063462d588eaea6f266596fae5f5470792dcc98d https://github.com/dovecot/core/commit/b34002a4ca301ed94cd944ee3504287ed7e58031 https://github.com/dovecot/core/commit/92d9690da195b6ceaa878ab1df6c7c31a75f63f8 https://github.com/dovecot/core/commit/cbab48f174580bfb8d49321d8d336f96a231b0cd https://security.archlinux.org/CVE-2020-10957 https://security.archlinux.org/CVE-2020-10958 https://security.archlinux.org/CVE-2020-10967

Severity
Package : dovecot
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1162

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved