exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2019-11500

Status Candidate

Overview

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '�' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Related Files

Red Hat Security Advisory 2019-2836-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2836-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-11500
MD5 | b08eabb4d5e0e143850082d447d4c689
Red Hat Security Advisory 2019-2822-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2822-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-11500
MD5 | ae2ffaa4c4359c7ce4af4b38a1078db3
Gentoo Linux Security Advisory 201908-29
Posted Sep 2, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-29 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in the arbitrary execution of code. Versions less than 2.3.7.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10691, CVE-2019-11500
MD5 | e2ebc256f3d9e060e6a289e5b860ada5
Ubuntu Security Notice USN-4110-4
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | a6dd8ffb200c3fa787ed813228ab72f1
Ubuntu Security Notice USN-4110-3
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 63a1258a6f995b55a382c15c602c1e37
Ubuntu Security Notice USN-4110-2
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 5c791be958358f0b5d099cc85acbf72d
Debian Security Advisory 4510-1
Posted Aug 28, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.

tags | advisory, remote, arbitrary, imap, protocol
systems | linux, debian
advisories | CVE-2019-11500
MD5 | e3cf7ec7b9e533f10132ece6c1ce8f6b
Ubuntu Security Notice USN-4110-1
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 4870d365c10fedd69d6ee0d660a7bdaa
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close