Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.

Related bugs and status

CVE-2011-1929 (Candidate) is related to these bugs:

Bug #791758: CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy

Summary				In	Importance	Status
	791758	CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy		dovecot (Ubuntu)	High	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/72495
MISC: http://www.debian.org/...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://www.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://dovecot.org/pip...
MISC: http://dovecot.org/pip...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: https://exchange.xforc...
MISC: http://hg.dovecot.org/...
MISC: http://www.dovecot.org...
MISC: http://www.dovecot.org...
MISC: https://hermes.opensus...