1.2.x versions before 1.2.11 are vulnerable to DoS attack

Bug #536695 reported by Marco Nenciarini on 2010-03-10
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dovecot (Ubuntu)
Undecided
Unassigned

Bug Description

Fetching a message with a huge header could have resulted in Dovecot
eating a lot of CPU. An evil attacker could cause a DoS by sending
forged messages.

CVE not assigned jet, but debian security team is working to obtain one.

from Timo's post to the dovecot mailing list:
>
> mbox users really should upgrade, because by sending a message with a
> huge header you could basically cause a DoS (this problem exists only
> with v1.2.x, not with v1.0 or v1.1).
>
> - mbox: Message header reading was unnecessarily slow. Fetching a
> huge header could have resulted in Dovecot eating a lot of CPU.
> Also searching messages was much slower than necessary.
> - mbox, dbox, cydir: Mail root directory was created with 0770
> permissions, instead of 0700.
> - maildir: Reading uidlist could have ended up in an infinite loop.
> - IMAP IDLE: v1.2.7+ caused extra load by checking changes every
> 0.5 seconds after a change had occurred in mailbox
>

Related branches

CVE References

visibility: private → public
Changed in dovecot (Ubuntu):
status: New → Confirmed
Marco Nenciarini (mnencia) wrote :

Here is the patch to correct this issue

http://hg.dovecot.org/dovecot-1.2/rev/6c9f2ed821df

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:1.2.9-1ubuntu5

---------------
dovecot (1:1.2.9-1ubuntu5) lucid; urgency=low

  * debian/patches/fix-dovecot-dos.dpatch: Fix possible DoS with dovecot. (LP: #536695)
 -- Chuck Short <email address hidden> Wed, 10 Mar 2010 14:25:52 -0500

Changed in dovecot (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers