Published: 24/05/2011 Updated: 17/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

lib-mail/message-header-parser.c in Dovecot 1.2.x prior to 1.2.17 and 2.0.x prior to 2.0.13 does not properly handle '\0' characters in header names, which allows remote malicious users to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dovecot dovecot 1.2.2
dovecot dovecot 1.2.3
dovecot dovecot 1.2.13
dovecot dovecot 1.2.15
dovecot dovecot 1.2.9
dovecot dovecot 1.2.10
dovecot dovecot 1.2.1
dovecot dovecot 1.2.12
dovecot dovecot 1.2.0
dovecot dovecot 1.2.4
dovecot dovecot 1.2.5
dovecot dovecot 1.2.14
dovecot dovecot 1.2.16
dovecot dovecot 1.2.11
dovecot dovecot 1.2.8
dovecot dovecot 1.2.6
dovecot dovecot 1.2.7
dovecot dovecot 2.0.3
dovecot dovecot 2.0.0
dovecot dovecot 2.0.11
dovecot dovecot 2.0.12
dovecot dovecot 2.0.5
dovecot dovecot 2.0.2
dovecot dovecot 2.0.8
dovecot dovecot 2.0.9
dovecot dovecot 2.0.10
dovecot dovecot 2.0.1
dovecot dovecot 2.0
dovecot dovecot 2.0.4
dovecot dovecot 2.0.6
dovecot dovecot 2.0.7

Debian Bug report logs - #627443 CVE-2011-1929 Package: dovecot; Maintainer for dovecot is Dovecot Maintainers <dovecot@packagesdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 20 May 2011 16:45:08 UTC Severity: grave Tags: security Found in version 1:1215-4 Fixed in versions dovecot/1:20 ...

An attacker could send a crafted email message that could disrupt email service ...

It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers The oldstable distribution (lenny) is not affected For the stable distribution (squeeze), this problem has been fixed in version 1215-7 For the unstable distribution ...

CWE-20 http://openwall.com/lists/oss-security/2011/05/19/3 http://dovecot.org/pipermail/dovecot/2011-May/059085.html https://bugzilla.redhat.com/show_bug.cgi?id=706286 http://www.dovecot.org/doc/NEWS-2.0 http://www.securityfocus.com/bid/47930 http://openwall.com/lists/oss-security/2011/05/18/4 http://dovecot.org/pipermail/dovecot/2011-May/059086.html http://openwall.com/lists/oss-security/2011/05/19/6 http://www.dovecot.org/doc/NEWS-1.2 http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c http://secunia.com/advisories/44827 https://hermes.opensuse.org/messages/8581790 http://osvdb.org/72495 http://secunia.com/advisories/44712 http://www.mandriva.com/security/advisories?name=MDVSA-2011:101 http://www.ubuntu.com/usn/USN-1143-1 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html http://secunia.com/advisories/44771 http://secunia.com/advisories/44756 http://www.debian.org/security/2011/dsa-2252 http://www.redhat.com/support/errata/RHSA-2011-1187.html http://secunia.com/advisories/44683 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67589 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627443 https://usn.ubuntu.com/1143-1/https://nvd.nist.gov

CVE-2011-1929

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect