Bug 1532356 (CVE-2017-15130) - CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be used for DoS
Summary: CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be use...
Status: NEW
Alias: CVE-2017-15130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20180228,reported=2...
Keywords: Security
Depends On: 1551756 1551757 1532357
Blocks: 1538713
TreeView+ depends on / blocked
 
Reported: 2018-01-08 17:42 UTC by Pedro Sampaio
Modified: 2019-05-16 08:07 UTC (History)
7 users (show)

(edit)
A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2018-01-08 17:42:03 UTC
TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 2 Pedro Sampaio 2018-01-08 17:49:47 UTC
Acknowledgments:

Name: The Dovecot Project

Comment 3 Adam Mariš 2018-03-01 10:47:56 UTC
Reference:

http://www.openwall.com/lists/oss-security/2018/03/01/3

Comment 4 Pedro Yóssis Silva Barbosa 2018-03-01 13:23:56 UTC
TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 6 Pedro Yóssis Silva Barbosa 2018-03-01 15:50:34 UTC
External References:

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html


Note You need to log in before you can comment on or make changes to this bug.