var-201803-0134
Vulnerability from variot

A specially crafted email delivered over SMTP and passed on to Dovecot by the MTA can trigger an out-of-bounds read, resulting in potential sensitive information disclosure and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Dovecot contains an out-of-bounds vulnerability and an information disclosure vulnerability. Information may be obtained and service operation may be interrupted (DoS). Dovecot is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. An out-of-bounds read vulnerability exists in Dovecot version 2.2.33.2. This vulnerability can be used to cause denial of service and to access sensitive information. Dovecot is prone to an information-disclosure vulnerability. Failed exploit attempts will result in a denial-of-service condition. Dovecot 2.2.33.2 is vulnerable; other versions may also be affected.

==========================================================================
Ubuntu Security Notice USN-3587-2
April 02, 2018

dovecot vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Dovecot incorrectly handled parsing certain email addresses. (CVE-2017-14461)

It was discovered that Dovecot incorrectly handled TLS SNI config lookups. (CVE-2017-15130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
  dovecot-core                    1:2.0.19-0ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3587-2
  https://usn.ubuntu.com/usn/usn-3587-1
  CVE-2017-14461, CVE-2017-15130


Debian Security Advisory DSA-4130-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 02, 2018                        https://www.debian.org/security/faq


Package        : dovecot
CVE ID         : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132
Debian Bug     : 888432 891819 891820

Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2017-14461

Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that
Dovecot does not properly parse invalid email addresses, which may
cause a crash or leak memory contents to an attacker.

CVE-2017-15130

It was discovered that TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted, resulting in a denial of service. Only
Dovecot configurations containing local_name { } or local { }
configuration blocks are affected.

CVE-2017-15132

It was discovered that Dovecot contains a memory leak flaw in the
login process on aborted SASL authentication.

For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dovecot",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "dovecot",
        "version": "2.2.33.2"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": "17.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "dovecot",
        "scope": null,
        "trust": 0.8,
        "vendor": "timo sirainen",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "BID",
        "id": "103201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dovecot:dovecot:2.2.33.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aleksandar Nikolic of Cisco Talos.",
    "sources": [
      {
        "db": "BID",
        "id": "103201"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14461",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14461",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2018-06399",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.1,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-14461",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14461",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2017-14461",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06399",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-607",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Dovecot Contains an out-of-bounds vulnerability and an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Dovecot is an open source IMAP and POP3 mail server based on Linux/UNIX-like systems. A cross-boundary read vulnerability exists in Dovecot version 2.2.33.2. This vulnerability can be used to cause denial of service and access to sensitive information. Dovecot is prone to an information-disclosure vulnerability.  Failed exploit attempts will result in a denial-of-service  condition. \nDovecot 2.2.33.2 is vulnerable; other versions may also be affected. ==========================================================================\nUbuntu Security Notice USN-3587-2\nApril 02, 2018\n\ndovecot vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Dovecot. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Dovecot incorrectly handled parsing certain\n email addresses. (CVE-2017-14461)\n\n It was discovered that Dovecot incorrectly handled TLS SNI config\n lookups. (CVE-2017-15130)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n  dovecot-core                    1:2.0.19-0ubuntu2.5\n\nIn general, a standard system update will make all the necessary\nchanges. 
\n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3587-2\n  https://usn.ubuntu.com/usn/usn-3587-1\n  CVE-2017-14461, CVE-2017-15130\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4130-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nMarch 02, 2018                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : dovecot\nCVE ID         : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132\nDebian Bug     : 888432 891819 891820\n\nSeveral vulnerabilities have been discovered in the Dovecot email\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-14461\n\n    Aleksandar Nikolic of Cisco Talos and \u0027flxflndy\u0027 discovered that\n    Dovecot does not properly parse invalid email addresses, which may\n    cause a crash or leak memory contents to an attacker. \n\nCVE-2017-15130\n\n    It was discovered that TLS SNI config lookups may lead to excessive\n    memory usage, causing imap-login/pop3-login VSZ limit to be reached\n    and the process restarted, resulting in a denial of service. Only\n    Dovecot configurations containing local_name { } or local { }\n    configuration blocks are affected. \n\nCVE-2017-15132\n\n    It was discovered that Dovecot contains a memory leak flaw in the\n    login process on aborted SASL authentication. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:2.2.13-12~deb8u4. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.2.27-3+deb9u2. \n\nWe recommend that you upgrade your dovecot packages. 
\n\nFor the detailed security status of dovecot please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/dovecot\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "BID",
        "id": "103201"
      },
      {
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "db": "PACKETSTORM",
        "id": "146656"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14461",
        "trust": 3.6
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0510",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "103201",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "147005",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146647",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146656",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "BID",
        "id": "103201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "db": "PACKETSTORM",
        "id": "146656"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "id": "VAR-201803-0134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:05.173000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1333-1] dovecot security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
      },
      {
        "title": "DSA-4130",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2018/dsa-4130"
      },
      {
        "title": "[Dovecot-news] v2.2.34 released",
        "trust": 0.8,
        "url": "https://www.dovecot.org/list/dovecot-news/2018-february/000370.html"
      },
      {
        "title": "USN-3587-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3587-1/"
      },
      {
        "title": "USN-3587-2",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3587-2/"
      },
      {
        "title": "Dovecot Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190036"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0510"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103201"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/3587-1/"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/3587-2/"
      },
      {
        "trust": 1.6,
        "url": "https://www.debian.org/security/2018/dsa-4130"
      },
      {
        "trust": 1.6,
        "url": "https://www.dovecot.org/list/dovecot-news/2018-february/000370.html"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14461"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14461"
      },
      {
        "trust": 0.3,
        "url": "http://www.dovecot.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0510"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15130"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/usn/usn-3587-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3587-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.27-3ubuntu1.3"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15132"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/dovecot"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "BID",
        "id": "103201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "db": "PACKETSTORM",
        "id": "146656"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "db": "BID",
        "id": "103201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "db": "PACKETSTORM",
        "id": "146656"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "date": "2018-03-01T00:00:00",
        "db": "BID",
        "id": "103201"
      },
      {
        "date": "2018-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "date": "2018-04-02T16:54:55",
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "date": "2018-03-05T22:23:00",
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "date": "2018-03-05T23:45:22",
        "db": "PACKETSTORM",
        "id": "146656"
      },
      {
        "date": "2018-03-02T15:29:00.210000",
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "date": "2017-09-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06399"
      },
      {
        "date": "2018-03-01T00:00:00",
        "db": "BID",
        "id": "103201"
      },
      {
        "date": "2018-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      },
      {
        "date": "2022-04-19T19:15:17.503000",
        "db": "NVD",
        "id": "CVE-2017-14461"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "147005"
      },
      {
        "db": "PACKETSTORM",
        "id": "146647"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dovecot Vulnerable to out-of-bounds reading",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012764"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-607"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.