A denial of service flaw was found in the way the IMAP command parser of Dovecot, an IMAP and POP3 server, processed certain parameters of the IMAP APPEND command. A remote authenticated user could issue a specially-crafted IMAP APPEND command that, when processed, would cause the dovecot daemon to hang (infinite loop).

References:
[1] http://www.dovecot.org/list/dovecot-news/2013-May/000255.html
[2] http://www.openwall.com/lists/oss-security/2013/05/21/2
[3] https://secunia.com/advisories/53492/

Relevant upstream patch:
[4] http://hg.dovecot.org/dovecot-2.2/rev/ea0390e1789f

This issue did NOT affect the versions of the dovecot package as shipped with Red Hat Enterprise Linux 5 and 6.

This issue did NOT affect the versions of the dovecot package as shipped with Fedora releases 17 and 18.

This issue did NOT affect the version of the dovecot package as shipped with Fedora Rawhide (an update including the fix has already been created).

Statement: Not Vulnerable. This issue does not affect the version of dovecot as shipped with Red Hat Enterprise Linux 5 and 6.