CVE-2020-24386

Related Files

Gentoo Linux Security Advisory 202101-01

Posted Jan 11, 2021

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-1 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.13 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2020-24386, CVE-2020-25275

MD5 | 3a89fff6479017300d6ec9a323c8b69e

Download | Favorite | View

Dovecot 2.3.11.3 Access Bypass

Posted Jan 7, 2021

Authored by Aki Tuomi

Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.

tags | advisory, imap, bypass

advisories | CVE-2020-24386

MD5 | 5f6ec291becfdbef0390d40207572b2b

Download | Favorite | View

Ubuntu Security Notice USN-4674-1

Posted Jan 4, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, imap

systems | linux, ubuntu

advisories | CVE-2020-24386, CVE-2020-25275

MD5 | b2e560c9e62cc73f933684b14231318a

Download | Favorite | View