var-201803-1087
Vulnerability from variot
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. dovecot Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dovecot is an open source IMAP and POP3 mail server based on Linux/UNIX-like systems. ========================================================================== Ubuntu Security Notice USN-3587-2 April 02, 2018
dovecot vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Dovecot incorrectly handled parsing certain email addresses. (CVE-2017-14461)
It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2017-15130)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dovecot-core 1:2.0.19-0ubuntu2.5
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3587-2 https://usn.ubuntu.com/usn/usn-3587-1 CVE-2017-14461, CVE-2017-15130 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4130-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2018 https://www.debian.org/security/faq
Package : dovecot CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Debian Bug : 888432 891819 891820
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2017-14461
Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that
Dovecot does not properly parse invalid email addresses, which may
cause a crash or leak memory contents to an attacker. Only
Dovecot configurations containing local_name { } or local { }
configuration blocks are affected.
CVE-2017-15132
It was discovered that Dovecot contains a memory leak flaw in the
login process on aborted SASL authentication.
For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4.
For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2.
We recommend that you upgrade your dovecot packages.
For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqZzelfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T8fg/+KmUzgEXDQFSnWOmSt+8GXFB08C2XtXmopMuej/1tjkZZ7B04vXfkgYZ9 u7zICbM56VrTmnXOYnLuXjqLrzGO0Y9jX+Z5G4BSw0TgP+g6ME72ZvqxuE4IKQqi QlaKTX86B1AMpzvkLrhwXlArJDr7pJzOonFJds6rKtVA4OvY4/fAAWrH89BFchet VwdO5rngcd/qnAYVOZglTMfgVlzxvenx+0fbQ6JFS6T8ODOFSsnwth64u3KY8yYj 4PGTBqX4m+2S2q2qGinueBgHNUV4RK71Zw1QYDa2gMBQR3HtlMnDhmQ4uYCvKP04 Z1GJYX6dMxMSWPKC2WecrdCSV+QAdMlYypKbhqcLA4LHcdPR+v35oQT4X/SYd2WS Zf50KMYUm9Q3YiOHVDrJo+o21hX4g8hRw1wdewZz+wyQ1n1TOlVtRh4vmACKRzNx 7bUayEvVU3q3VQd+dDH2Bl+TBiO7RB5/b2pHp8vHwAlVX00jYSSnoLUKT0L4BQ54 +1DZ8j88OFKDxTgOsbk19rhfraY7iejAjHZDVnJBwC/tB9REG6DOrDIG4OJqTKw4 sP1JaHryOGXzOf/8h61rY5HAuwofGkAZN7S+Bel0+zGYJvIcSyxpBKvJB/0TDNjm E5KphLFG9RGVmdeVkQzG6tGUMnMXxFrAD5U3hlzUsNGLLA+RE78= =Yh09 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dovecot",
"scope": "lt",
"trust": 1.6,
"vendor": "dovecot",
"version": "2.2.34"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dovecot",
"scope": "lt",
"trust": 0.8,
"vendor": "timo sirainen",
"version": "2.2.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15130"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
}
],
"trust": 0.2
},
"cve": "CVE-2017-15130",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-15130",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-05070",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-15130",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15130",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05070",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-092",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. dovecot Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dovecot is an open source IMAP and POP3 mail server based on Linux/UNIX-like systems. ==========================================================================\nUbuntu Security Notice USN-3587-2\nApril 02, 2018\n\ndovecot vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Dovecot. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Dovecot incorrectly handled parsing certain\n email addresses. (CVE-2017-14461)\n\n It was discovered that Dovecot incorrectly handled TLS SNI config\n lookups. A remote attacker could possibly use this issue to cause\n Dovecot to crash, resulting in a denial of service. (CVE-2017-15130)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dovecot-core 1:2.0.19-0ubuntu2.5\n\nIn general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3587-2\n https://usn.ubuntu.com/usn/usn-3587-1\n CVE-2017-14461, CVE-2017-15130\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4130-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 02, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : dovecot\nCVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132\nDebian Bug : 888432 891819 891820\n\nSeveral vulnerabilities have been discovered in the Dovecot email\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-14461\n\n Aleksandar Nikolic of Cisco Talos and \u0027flxflndy\u0027 discovered that\n Dovecot does not properly parse invalid email addresses, which may\n cause a crash or leak memory contents to an attacker. Only\n Dovecot configurations containing local_name { } or local { }\n configuration blocks are affected. \n\nCVE-2017-15132\n\n It was discovered that Dovecot contains a memory leak flaw in the\n login process on aborted SASL authentication. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:2.2.13-12~deb8u4. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.2.27-3+deb9u2. \n\nWe recommend that you upgrade your dovecot packages. \n\nFor the detailed security status of dovecot please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/dovecot\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqZzelfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0T8fg/+KmUzgEXDQFSnWOmSt+8GXFB08C2XtXmopMuej/1tjkZZ7B04vXfkgYZ9\nu7zICbM56VrTmnXOYnLuXjqLrzGO0Y9jX+Z5G4BSw0TgP+g6ME72ZvqxuE4IKQqi\nQlaKTX86B1AMpzvkLrhwXlArJDr7pJzOonFJds6rKtVA4OvY4/fAAWrH89BFchet\nVwdO5rngcd/qnAYVOZglTMfgVlzxvenx+0fbQ6JFS6T8ODOFSsnwth64u3KY8yYj\n4PGTBqX4m+2S2q2qGinueBgHNUV4RK71Zw1QYDa2gMBQR3HtlMnDhmQ4uYCvKP04\nZ1GJYX6dMxMSWPKC2WecrdCSV+QAdMlYypKbhqcLA4LHcdPR+v35oQT4X/SYd2WS\nZf50KMYUm9Q3YiOHVDrJo+o21hX4g8hRw1wdewZz+wyQ1n1TOlVtRh4vmACKRzNx\n7bUayEvVU3q3VQd+dDH2Bl+TBiO7RB5/b2pHp8vHwAlVX00jYSSnoLUKT0L4BQ54\n+1DZ8j88OFKDxTgOsbk19rhfraY7iejAjHZDVnJBwC/tB9REG6DOrDIG4OJqTKw4\nsP1JaHryOGXzOf/8h61rY5HAuwofGkAZN7S+Bel0+zGYJvIcSyxpBKvJB/0TDNjm\nE5KphLFG9RGVmdeVkQzG6tGUMnMXxFrAD5U3hlzUsNGLLA+RE78=\n=Yh09\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
},
{
"db": "PACKETSTORM",
"id": "146656"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15130",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05070",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146647",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146656",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
},
{
"db": "PACKETSTORM",
"id": "146656"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"id": "VAR-201803-1087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
}
]
},
"last_update_date": "2023-12-18T12:57:05.135000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1333-1] dovecot security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"title": "DSA-4130",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"title": "[Dovecot-news] v2.2.34 released",
"trust": 0.8,
"url": "https://www.dovecot.org/list/dovecot-news/2018-february/000370.html"
},
{
"title": "USN-3587-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3587-1/"
},
{
"title": "USN-3587-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3587-2/"
},
{
"title": "Patch for dovecot denial of service vulnerability (CNVD-2018-05070)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121071"
},
{
"title": "Dovecot Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78880"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15130"
},
{
"trust": 1.6,
"url": "http://seclists.org/oss-sec/2018/q1/205"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532356"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/3587-1/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/3587-2/"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"trust": 1.6,
"url": "https://www.dovecot.org/list/dovecot-news/2018-february/000370.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15130"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14461"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3587-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3587-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dovecot/1:2.2.27-3ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15132"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/dovecot"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
},
{
"db": "PACKETSTORM",
"id": "146656"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
},
{
"db": "PACKETSTORM",
"id": "146656"
},
{
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"date": "2018-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"date": "2018-04-02T16:54:55",
"db": "PACKETSTORM",
"id": "147005"
},
{
"date": "2018-03-05T22:23:00",
"db": "PACKETSTORM",
"id": "146647"
},
{
"date": "2018-03-05T23:45:22",
"db": "PACKETSTORM",
"id": "146656"
},
{
"date": "2018-03-02T15:29:00.273000",
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05070"
},
{
"date": "2018-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012758"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-15130"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "147005"
},
{
"db": "PACKETSTORM",
"id": "146647"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dovecot Resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012758"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-092"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.