Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

Kevin A. McGrail KMcGrail at PCCC.com
Thu Mar 28 16:44:30 EET 2019


On 3/28/2019 10:40 AM, Aki Tuomi wrote:
>
> check for fts in mail_plugins. pop3-uidl is used by pop3_migration
> plugin.

Sorry if I'm dense but can you be more specific?  Are you talking about
checking conf files or binary files? 

For example, does the existence of
/usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation? 

Are there settings in a conf file that disable those plugins?

Regards,

KAM
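
The check Aki describes (look for fts in mail_plugins, and for pop3_migration, which uses pop3-uidl) can be run over the configuration text. This is an added example, not part of either message: the sample configuration is constructed, and on a live system the function is assumed to read the output of `doveconf -n`. It reports only where the plugins are enabled.

```shell
#!/bin/sh
# Added example: list each configuration scope whose mail_plugins value
# names an fts* plugin or pop3_migration.
# Live use (assumes doveconf is on PATH): doveconf -n | flag_plugins

flag_plugins() {
  awk '
    # Track nesting such as "protocol pop3 {" so the scope can be reported.
    /[{][ \t]*$/ {
      sub(/[ \t]*[{][ \t]*$/, ""); sub(/^[ \t]+/, "")
      scope[++depth] = $0
      next
    }
    /^[ \t]*[}]/ { if (depth > 0) depth--; next }
    # Only uncommented mail_plugins assignments are considered.
    /^[ \t]*mail_plugins[ \t]*=/ {
      where = (depth > 0) ? scope[depth] : "global"
      sub(/^[^=]*=/, "")      # keep the value only
      gsub(/"/, "")           # values may be printed inside quotes
      n = split($0, p, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (p[i] ~ /^fts/ || p[i] == "pop3_migration")
          print where ": " p[i]
    }
  '
}

# Constructed sample configuration (not taken from any real server).
sample_conf() {
cat <<'EOF'
# constructed sample
mail_plugins = " quota fts fts_lucene"
namespace inbox {
  inbox = yes
}
protocol pop3 {
  mail_plugins = quota pop3_migration
}
protocol lmtp {
  mail_plugins = quota sieve
}
EOF
}

sample_conf | flag_plugins
```

An empty result means none of the scopes in the input list these plugins in mail_plugins.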


