exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2019-11500

Status Candidate

Overview

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Related Files

Red Hat Security Advisory 2019-2885-01
Posted Sep 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2885-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-11500
SHA-256 | 9fd2c275018a733cb0c3bfff40805dbf55029a0ac78e0633b48964b677b6156c
Red Hat Security Advisory 2019-2836-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2836-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-11500
SHA-256 | a9cc8d9231e99e2caa2a016b2b5c2aefe8c8ab89d85e66e08bddff1d43b5608b
Red Hat Security Advisory 2019-2822-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2822-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-11500
SHA-256 | 5d98bb169c0022e723dbcc0170c5cc39144a84d85aedfaccd46b356f884baf14
Gentoo Linux Security Advisory 201908-29
Posted Sep 2, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-29 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in the arbitrary execution of code. Versions less than 2.3.7.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10691, CVE-2019-11500
SHA-256 | cddba783a17794365464d8147d620763c2579d8620bb0ccfc1692937e1db247c
Ubuntu Security Notice USN-4110-4
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
SHA-256 | ba5b903c212775a3900d1f88e72486fb256e8202fa117e10525eaf3cbcd9a736
Ubuntu Security Notice USN-4110-3
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
SHA-256 | ea497bd34cac8fb3ea8df64d24c03b963f18392532a993273d189149c06c84cc
Ubuntu Security Notice USN-4110-2
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
SHA-256 | 304d734f8346c73e85ea728a6b76429713959e68248569d54ebbdad82c84f68c
Debian Security Advisory 4510-1
Posted Aug 28, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.

tags | advisory, remote, arbitrary, imap, protocol
systems | linux, debian
advisories | CVE-2019-11500
SHA-256 | c04546fd005105ce0ea049041181543abc29468ef19bad67410168c397658f7d
Ubuntu Security Notice USN-4110-1
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
SHA-256 | 266fb9a4d88612b859b072db5fec419fd51c1b8f1685d5cfba9cc0a100abcb6b
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close