Bug 1532356 (CVE-2017-15130)

Summary: CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be used for DoS
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: bennie.joubert, dan, janfrode, mhlavink, security-response-team, yozone
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: dovecot 2.2.34, dovecot 2.3.1
Doc Text:
A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and causing the process to restart.
Last Closed: 2021-10-21 11:58:37 UTC
Bug Depends On: 1532357, 1551756, 1551757
Bug Blocks: 1538713

Description Pedro Sampaio 2018-01-08 17:42:03 UTC
TLS SNI config lookups may lead to excessive memory usage, causing the imap-login/pop3-login VSZ limit to be reached and the process to be restarted. This happens only if the Dovecot config has local_name { } or local { } configuration blocks and the attacker uses randomly generated SNI servernames.
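
An added example, not part of the bug report and not Dovecot's own code: a check for the two conditions described above, a configuration containing local_name { } or local { } blocks and a version older than the releases in the Fixed In Version field. The function names, the sample configuration and the handling of series other than 2.2 and 2.3 are assumptions.

```python
import re

# Fixed releases per series, taken from this bug's "Fixed In Version" field.
FIXED = {(2, 2): (2, 2, 34), (2, 3): (2, 3, 1)}

# Block openers such as `local_name mail.example.org {` or `local 192.0.2.10 {`.
# Anchoring at line start means commented-out lines are not counted.
BLOCK_RE = re.compile(
    r"^[ \t]*(local_name|local)[ \t]+([^{#\n]+?)[ \t]*\{", re.MULTILINE
)

# Constructed sample, shaped like `doveconf -n` output.
SAMPLE_CONF = """\
ssl_cert = </etc/dovecot/default.pem
local_name mail.example.org {
  ssl_cert = </etc/dovecot/mail.example.org.pem
}
local 192.0.2.10 {
  ssl_key = </etc/dovecot/alt.key
}
# local_name disabled.example.org {
"""


def parse_version(text):
    """Turn '2.2.36' into (2, 2, 36); trailing text such as a build id is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def version_is_fixed(version):
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Assumption: series older than 2.2 are unfixed, newer than 2.3 carry the fix.
        return v[:2] > (2, 3)
    return v >= fixed


def sni_blocks(config_text):
    """Return (block type, argument) for every local_name/local block found."""
    return [(kind, arg.strip()) for kind, arg in BLOCK_RE.findall(config_text)]


def exposed(config_text, version):
    """True only when both conditions from the description hold."""
    return bool(sni_blocks(config_text)) and not version_is_fixed(version)
```

On a live host the inputs would be the output of `doveconf -n` and `dovecot --version`.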

Comment 2 Pedro Sampaio 2018-01-08 17:49:47 UTC
Acknowledgments:

Name: the Dovecot project

Comment 3 Adam Mariš 2018-03-01 10:47:56 UTC
Reference:

http://www.openwall.com/lists/oss-security/2018/03/01/3

Comment 4 Pedro Yóssis Silva Barbosa 2018-03-01 13:23:56 UTC
TLS SNI config lookups may lead to excessive memory usage, causing the imap-login/pop3-login VSZ limit to be reached and the process to be restarted. This happens only if the Dovecot config has local_name { } or local { } configuration blocks and the attacker uses randomly generated SNI servernames.

Comment 6 Pedro Yóssis Silva Barbosa 2018-03-01 15:50:34 UTC
External References:

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Comment 9 Michal Hlavinka 2019-08-13 12:54:36 UTC
Affected version is < 2.2.34; we ship 2.2.36 in RHEL 7.

Comment 10 Michal Hlavinka 2019-08-13 12:55:42 UTC
Reopening, closed wrong clone.