Bug 1709240 (CVE-2019-11499) - CVE-2019-11499 dovecot: unacceptable authentication message in AUTH PLAIN over TLS leads to crash and possible DoS
Summary: CVE-2019-11499 dovecot: unacceptable authentication message in AUTH PLAIN ove...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-11499
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1709241
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-13 09:06 UTC by Marian Rehak
Modified: 2019-09-29 15:13 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:55:26 UTC
Embargoed:


Attachments (Terms of Use)

Description Marian Rehak 2019-05-13 09:06:37 UTC
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Upstream Bug:

https://dovecot.org/list/dovecot-news/2019-April/000410.html

Comment 1 Marian Rehak 2019-05-13 09:06:47 UTC
Created dovecot tracking bugs for this issue:

Affects: fedora-all [bug 1709241]

Comment 2 Bojan Smojver 2019-05-31 00:52:37 UTC
No builds for F30 to fix this. I asked several times in bug #1672622, but no action has been taken there.


Note You need to log in before you can comment on or make changes to this bug.