oss-sec mailing list archives
Re: CVE request: Dovecot remote DoS on TLS connections
From: cve-assign () mitre org
Date: Mon, 27 Apr 2015 01:53:24 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The current Dovecot (2.2.16) imap/pop3 server has an issue that handshake failures will lead to a crash of the login process.
can cause the imap-login and pop3-login processes to crash on handshake failures
An example where this is triggered is if the server is configured to not allow SSLv3 connections and a client tries to connect with SSLv3 only.
The reason is that the error handling routine will try to finish the handshake and that will crash. Details here: http://dovecot.org/pipermail/dovecot/2015-April/100618.html
Use CVE-2015-3420. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVPc40AAoJEKllVAevmvmsjm0IALZ9S88W+i5Z2yyVbzXWpzj3 DtNlA3z4eOTidJST+DqlmoaBbU+chSuON/0P6Wtkeoj62AiWU8EKmnCTmlJ+KmKX FUtesTpxz26xeMC62tZpyo+KH+0NqSPALStj7QIxlY6yJpe9Sfvmg9I+AomLbLyW 8yWqxnINOpIWAmIMWgMkotn97y1+StSY8kbf0yhr8by03Zk4WqYNzpmg1AJ0EwPe 27aJ9leFdvufSShEmAJynX2KiPNhe07Vtauv8Fk1dCynLel0rnBg2KuuygoEH+6l MZ4p3Svmbb4NLiwGCeg93hNFMxDNDkMv4mUVC/FRz9Co6NVqGeptgFCxUr9T+4w= =2DrH -----END PGP SIGNATURE-----
Current thread:
- CVE request: Dovecot remote DoS on TLS connections Hanno Böck (Apr 26)
- Re: CVE request: Dovecot remote DoS on TLS connections cve-assign (Apr 26)
- Re: Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck (Apr 28)
- Re: CVE request: Dovecot remote DoS on TLS connections Sven Kieske (May 07)
- Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck (May 07)
- Re: CVE request: Dovecot remote DoS on TLS connections cve-assign (Apr 26)