oss-sec mailing list archives
Re: CVE request: dovecot denial of service
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 20 May 2014 15:48:23 -0400
On 14-05-20 03:32 PM, Yves-Alexis Perez wrote:
Hi, we were made aware of a recently fixed DoS vulnerability in Dovecot, which doesn't seem to have a CVE id assigned: http://dovecot.org/list/dovecot-news/2014-May/000273.html states: * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging arond for a long time. (Affected Dovecot v1.1+) Could a CVE be assigned for this vulnerability?
Isn't that CVE-2014-3430? Marc.
Current thread:
- CVE request: dovecot denial of service Yves-Alexis Perez (May 20)
- Re: CVE request: dovecot denial of service Seth Arnold (May 20)
- Re: CVE request: dovecot denial of service Marc Deslauriers (May 20)
- Re: CVE request: dovecot denial of service Yves-Alexis Perez (May 20)