Bug 1438676 (CVE-2017-2669) - CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication
Summary: CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-2669
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1441457
Blocks: 1438677
TreeView+ depends on / blocked
 
Reported: 2017-04-04 07:50 UTC by Adam Mariš
Modified: 2021-02-17 02:23 UTC (History)
5 users (show)

Fixed In Version: dovecot 2.2.29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-11 05:44:56 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2017-04-04 07:50:15 UTC 
When "dict" passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

This issue was introduced by:

https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22

Upstream patch:

https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch

Vulnerable versions: 2.2.26 - 2.2.28
Comment 1 Adam Mariš 2017-04-04 07:50:22 UTC 
Acknowledgments:

Name: the Dovecot project
Comment 5 Doran Moppert 2017-04-12 01:58:46 UTC 
According to analysis conducted by Red Hat and Debian, and acknowledged by the Dovecot project, versions prior to 2.2.26 were not affected by this issue.
Comment 6 Doran Moppert 2017-04-12 01:58:58 UTC 
Statement:

Versions of dovecot shipped in Red Hat Enterprise Linux 5, 6 and 7 are not affected by this vulnerability.
Comment 7 Doran Moppert 2017-04-12 01:59:28 UTC 
Created dovecot tracking bugs for this issue:

Affects: fedora-all [bug 1441457]
Note You need to log in before you can comment on or make changes to this bug.