Bugzilla – Bug 1174923
VUL-0: CVE-2020-12674: dovecot22,dovecot23: improper implementation of RPA mechanism
Last modified: 2021-09-14 16:01:16 UTC
Steps to reproduce on SLE-15-SP2:

1. Configuration

   /etc/dovecot/conf.d/10-auth.conf
       auth_mechanisms = plain rpa
       !include auth-static.conf.ext

   /etc/dovecot/conf.d/auth-static.conf.ext
       passdb {
         driver = static
         args = password=test
       }

2. Restart Dovecot
3. Run the aforementioned PoC

Result:
   vm-sle-15-sp2 dovecot[29606]: auth: Panic: Trying to allocate 0 bytes
   vm-sle-15-sp2 dovecot[29606]: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe26da49262]

The setup is identical on SLE-12-SP2, except you also need to set "ssl = no" in the default configuration.

Result:
   vm-sle-12-sp2 dovecot[8420]: auth: Panic: Trying to allocate 0 bytes
   vm-sle-12-sp2 dovecot[8420]: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x9f4a0) [0x7fa659ef14a0]

I set the bug tracking as follows:
   SUSE:SLE-12:Update      dovecot22  Affected
   SUSE:SLE-15:Update      dovecot23  Affected
   SUSE:SLE-15-SP1:Update  dovecot23  Affected
   SUSE:SLE-15-SP2:Update  dovecot23  Affected

I'm not sure if SUSE even provides support for this obscure Compuserve authentication mechanism but unless anyone says otherwise, we should assume so.
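
The reproduction above depends on "rpa" being listed in auth_mechanisms and leaves a distinctive panic line in the log. The following is an added example, not part of the original comments and not SUSE or Dovecot code: a small audit helper that checks a configuration file for the rpa mechanism and counts that panic signature in a log. The function names and the sample files are constructed for illustration; the log line layout is assumed to match the one quoted in this report.

```shell
#!/bin/sh
# Added example (not SUSE or Dovecot code). Function names are hypothetical.

# Print the value of the last uncommented auth_mechanisms line in a config file.
# On a live host, feed it the output of `doveconf -n` saved to a file.
auth_mechs() {
    sed -e 's/#.*//' "$1" |
    awk -F= '/^[ \t]*auth_mechanisms[ \t]*=/ { v = $2 } END { print v }'
}

# Succeed (exit 0) when "rpa" is one of the enabled mechanisms.
rpa_enabled() {
    auth_mechs "$1" | tr 'A-Z' 'a-z' | tr -s ' \t' '\n' | grep -qx 'rpa'
}

# Count auth-process panics with the signature shown in this report.
count_auth_panics() {
    grep -c 'dovecot\[[0-9]*]: auth: Panic: Trying to allocate 0 bytes' "$1" || true
}

# Constructed sample input so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'auth_mechanisms = plain rpa' '!include auth-static.conf.ext' > "$tmp/weak.conf"
printf '%s\n' '#auth_mechanisms = plain rpa' 'auth_mechanisms = plain login' > "$tmp/ok.conf"
cat > "$tmp/mail.log" <<'EOF'
vm-sle-15-sp2 dovecot[29606]: auth: Panic: Trying to allocate 0 bytes
vm-sle-15-sp2 dovecot[29611]: imap-login: Disconnected (constructed benign line)
EOF

for f in "$tmp/weak.conf" "$tmp/ok.conf"; do
    if rpa_enabled "$f"; then
        echo "$(basename "$f"): rpa enabled"
    else
        echo "$(basename "$f"): rpa not enabled"
    fi
done
echo "auth panics in mail.log: $(count_auth_panics "$tmp/mail.log")"
```
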
(In reply to Wolfgang Frisch from comment #5)
> I'm not sure if SUSE even provides support for this obscure Compuserve
> authentication mechanism but unless anyone says otherwise, we should assume
> so.

Please send me the patch. I cannot download it from bugzilla. It will be shown as diff :-(

This is an autogenerated message for OBS integration:
This bug (1174923) was mentioned in
https://build.opensuse.org/request/show/826276 Factory / dovecot23

SUSE-SU-2020:2267-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1174922,1174923
CVE References: CVE-2020-12673,CVE-2020-12674
JIRA References:
Sources used:
   SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): dovecot23-2.3.10-16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2020:2266-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1174922,1174923
CVE References: CVE-2020-12673,CVE-2020-12674
JIRA References:
Sources used:
   SUSE Linux Enterprise Server for SAP 15 (src): dovecot23-2.3.10-4.27.1
   SUSE Linux Enterprise Server 15-LTSS (src): dovecot23-2.3.10-4.27.1
   SUSE Linux Enterprise High Performance Computing 15-LTSS (src): dovecot23-2.3.10-4.27.1
   SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): dovecot23-2.3.10-4.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2020:2274-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1174922,1174923
CVE References: CVE-2020-12673,CVE-2020-12674
JIRA References:
Sources used:
   SUSE OpenStack Cloud Crowbar 9 (src): dovecot22-2.2.31-19.22.1
   SUSE OpenStack Cloud Crowbar 8 (src): dovecot22-2.2.31-19.22.1
   SUSE OpenStack Cloud 9 (src): dovecot22-2.2.31-19.22.1
   SUSE OpenStack Cloud 8 (src): dovecot22-2.2.31-19.22.1
   SUSE OpenStack Cloud 7 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server for SAP 12-SP4 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server for SAP 12-SP3 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server for SAP 12-SP2 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP5 (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP4-LTSS (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP3-LTSS (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP3-BCL (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP2-LTSS (src): dovecot22-2.2.31-19.22.1
   SUSE Linux Enterprise Server 12-SP2-BCL (src): dovecot22-2.2.31-19.22.1
   SUSE Enterprise Storage 5 (src): dovecot22-2.2.31-19.22.1
   HPE Helion Openstack 8 (src): dovecot22-2.2.31-19.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:1241-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1174922,1174923
CVE References: CVE-2020-12673,CVE-2020-12674
JIRA References:
Sources used:
   openSUSE Leap 15.1 (src): dovecot23-2.3.10-lp151.2.12.1

openSUSE-SU-2020:1262-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1174922,1174923
CVE References: CVE-2020-12673,CVE-2020-12674
JIRA References:
Sources used:
   openSUSE Leap 15.2 (src): dovecot23-2.3.10-lp152.2.3.1

SUSE-SU-2021:0028-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1174922,1174923,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-12673,CVE-2020-12674,CVE-2020-24386,CVE-2020-25275
JIRA References:
Sources used:
   SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): dovecot23-2.3.11.3-17.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

done