Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Kevin A. McGrail
KMcGrail at PCCC.com
Thu Mar 28 16:44:30 EET 2019
On 3/28/2019 10:40 AM, Aki Tuomi wrote:
>
> check for fts in mail_plugins. pop3-uidl is used by pop3_migration
> plugin.
Sorry if I'm dense but can you be more specific? Are you talking about
checking conf files or binary files?
For example, does the existence of
/usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation?
Are their settings in a conf file that disable those plugins?
Regards,
KAM
More information about the dovecot
mailing list