exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2020-24386

Status Candidate

Overview

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

Related Files

Gentoo Linux Security Advisory 202101-01
Posted Jan 11, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-1 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.13 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-24386, CVE-2020-25275
MD5 | 3a89fff6479017300d6ec9a323c8b69e
Dovecot 2.3.11.3 Access Bypass
Posted Jan 7, 2021
Authored by Aki Tuomi

Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.

tags | advisory, imap, bypass
advisories | CVE-2020-24386
MD5 | 5f6ec291becfdbef0390d40207572b2b
Ubuntu Security Notice USN-4674-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, imap
systems | linux, ubuntu
advisories | CVE-2020-24386, CVE-2020-25275
MD5 | b2e560c9e62cc73f933684b14231318a
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close