[Dovecot-news] CVE-2020-12673: Specially crafted NTML package can crash auth service

Aki Tuomi aki.tuomi at dovecot.fi
Wed Aug 12 16:10:07 EEST 2020

Open-Xchange Security Advisory 2020-08-12

Affected product: Dovecot IMAP server
Internal reference: DOP-1870 (Bug ID)
Vulnerability type: CWE-789 (Uncontrolled Memory Allocation)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version:
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
CVE reference: CVE-2020-12673
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:
Dovecot's NTLM implementation does not correctly check message buffer
size, which leads to reading past allocation which can lead to crash.

An adversary can use this vulnerability to crash dovecot auth process
repeatedly, preventing login.

Steps to reproduce:
(echo 'AUTH NTLM'; echo -ne
| \
base64 -w0 ;echo ;echo -ne
base64 -w0;echo ; echo QUIT)  | nc 110

Disable NTLM authentication.

Upgrade to fixed version.

Best regards,
Aki Tuomi
Open-Xchange oy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot-news/attachments/20200812/fff47f18/attachment-0001.sig>

More information about the Dovecot-news mailing list