Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.
66b39592d5b628556923975d937e6ea8db9f542bb93aafbf43312ca9b355d6d5Ubuntu Security Notice 1143-1 - It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes.
8e2a9e84338724a89034dfdf86bbff31632c42c0596a7577e20fe4e52ebd53e6Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.
35441f3acca0c62584cc4ccaf85769dcc37fed324a8a8c976f3e8c4d50eeaf10Debian Linux Security Advisory 2252-1 - It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers.
17c1016f6e148f176b63126765730b040726b057399b3a1b69c0ae4106f335bb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed