Bug 1532356 (CVE-2017-15130) - CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be used for DoS
Summary: CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be use...
Keywords:
Status: NEW
Alias: CVE-2017-15130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20180228,reported=2...
Depends On: 1532357 1551756 1551757
Blocks: 1538713
TreeView+ depends on / blocked
 
Reported: 2018-01-08 17:42 UTC by Pedro Sampaio
Modified: 2019-08-13 12:55 UTC (History)
7 users (show)

Fixed In Version: dovecot 2.2.34, dovecot 2.3.1
Doc Type: If docs needed, set a value
Doc Text:
A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Clone Of:
Environment:
Last Closed: 2019-08-13 12:54:36 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2018-01-08 17:42:03 UTC
TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 2 Pedro Sampaio 2018-01-08 17:49:47 UTC
Acknowledgments:

Name: The Dovecot Project

Comment 3 Adam Mariš 2018-03-01 10:47:56 UTC
Reference:

http://www.openwall.com/lists/oss-security/2018/03/01/3

Comment 4 Pedro Yóssis Silva Barbosa 2018-03-01 13:23:56 UTC
TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 6 Pedro Yóssis Silva Barbosa 2018-03-01 15:50:34 UTC
External References:

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Comment 9 Michal Hlavinka 2019-08-13 12:54:36 UTC
affected version is < 2.2.34, we ship 2.2.36 in rhel7

Comment 10 Michal Hlavinka 2019-08-13 12:55:42 UTC
reopening, closed wrong clone


Note You need to log in before you can comment on or make changes to this bug.