1532356 – (CVE-2017-15130) CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be used for DoS

Bug 1532356 (CVE-2017-15130) - CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be used for DoS

Summary: CVE-2017-15130 dovecot: TLS SNI config lookups are inefficient and can be use...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2017-15130
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1532357 1551756 1551757
Blocks:	1538713
TreeView+	depends on / blocked

Reported:	2018-01-08 17:42 UTC by Pedro Sampaio
Modified:	2021-10-21 11:58 UTC (History)
CC List:	6 users (show)
Fixed In Version:	dovecot 2.2.34, dovecot 2.3.1
Doc Type:	If docs needed, set a value
Doc Text:	A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Clone Of:
Environment:
Last Closed:	2021-10-21 11:58:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2018-01-08 17:42:03 UTC

TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 2 Pedro Sampaio 2018-01-08 17:49:47 UTC

Acknowledgments:

Name: the Dovecot project

Comment 3 Adam Mariš 2018-03-01 10:47:56 UTC

Reference:

http://www.openwall.com/lists/oss-security/2018/03/01/3

Comment 4 Pedro Yóssis Silva Barbosa 2018-03-01 13:23:56 UTC

TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames.

Comment 6 Pedro Yóssis Silva Barbosa 2018-03-01 15:50:34 UTC

External References:

https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Comment 9 Michal Hlavinka 2019-08-13 12:54:36 UTC

affected version is < 2.2.34, we ship 2.2.36 in rhel7

Comment 10 Michal Hlavinka 2019-08-13 12:55:42 UTC

reopening, closed wrong clone

Note You need to log in before you can comment on or make changes to this bug.