Bug 1180405 (CVE-2020-24386) - VUL-0: CVE-2020-24386: dovecot: IMAP hibernation allows users to access other users' emails
Summary: VUL-0: CVE-2020-24386: dovecot: IMAP hibernation allows users to access other...
Status: RESOLVED FIXED
Alias: CVE-2020-24386
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Peter Varkoly
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/274101/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-24386:8.2:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-28 13:34 UTC by Wolfgang Frisch
Modified: 2021-09-10 12:06 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 9 Wolfgang Frisch 2021-01-04 14:31:32 UTC
via oss-security:

Open-Xchange Security Advisory 2021-01-04

Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOP-2009 (Bug ID)
Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or
Control Sequences
Vulnerable version: 2.2.26-2.3.11.3
Vulnerable component: imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-08-17
Solution date: 2020-08-27
Public disclosure: 2021-01-04
CVE reference: CVE-2020-24386
CVSS: 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)

Vulnerability Details:

When imap hibernation is active, an attacker can cause Dovecot to discover
file system directory structure and access other users' emails using a
specially crafted command. The attacker must have valid credentials to
access the mail server.

Risk:

An attacker can access other users' emails and filesystem information.

Workaround:

Operators can choose to disable IMAP hibernation. IMAP hibernation is not on
by default. To ensure imap hibernation is disabled, make sure
imap_hibernate_timeout is set to 0 or unset.

Solution:

Operators should update to 2.3.13 or a later version.
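An added audit script for the two preconditions the advisory names (an upstream version in the 2.2.26 to 2.3.11.3 range, and `imap_hibernate_timeout` set to a non-zero value). This is example code written for this page, not part of the advisory, Dovecot or the SUSE packages; it assumes the real `doveconf -n` and `dovecot --version` commands as its inputs on a live host, while the config lines and version strings it runs on below are constructed samples. The version check is deliberately only advisory: the SUSE updates in this bug fix the issue in dovecot22-2.2.31-19.25.1 without changing the upstream number, so a version hit means "consult your vendor's advisory", while the hibernation check alone tells you whether the workaround is in effect.

```shell
#!/bin/sh
# Added example (not from the advisory or Dovecot): audit a host for the
# CVE-2020-24386 preconditions named in the advisory above.
#   1. the installed upstream version falls in the vulnerable range 2.2.26 .. 2.3.11.3
#   2. IMAP hibernation is enabled (imap_hibernate_timeout set and non-zero)
# Real use on a server (assumed inputs; both commands exist in Dovecot):
#   dovecot --version | { read -r v; version_vulnerable "$v" && echo "version in range"; }
#   doveconf -n | check_hibernation
# The inputs in main() below are constructed samples, not real server output.

# Compare two dotted version strings; prints -1, 0 or 1 (like strcmp).
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}           # leading component of each
        ai=${ai:-0}; bi=${bi:-0}           # missing component counts as 0 (2.3 == 2.3.0)
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# Exit 0 when the upstream version is inside the advisory's vulnerable range.
# A distro release suffix (e.g. 2.2.31-19.25.1) is dropped first. Distros
# backport fixes without bumping the upstream number, so a hit here means
# "check the vendor advisory", not "vulnerable".
version_vulnerable() {
    v=${1%%-*}
    [ "$(vercmp "$v" 2.2.26)" -ge 0 ] && [ "$(vercmp "$v" 2.3.11.3)" -le 0 ]
}

# Read `doveconf -n` output on stdin. Exit 0 if hibernation is disabled
# (imap_hibernate_timeout unset or 0, the advisory's safe states), 1 otherwise.
# doveconf prints the effective value, so the last matching line wins.
check_hibernation() {
    line=$(grep -E '^[[:space:]]*imap_hibernate_timeout[[:space:]]*=' | tail -n 1)
    val=${line#*=}                                  # text after '='
    val=$(printf '%s' "$val" | tr -d '[:space:]')    # "5 secs" -> "5secs"
    num=${val%%[!0-9]*}                             # leading digits: "5secs" -> "5"
    if [ -z "$val" ]; then
        echo "imap_hibernate_timeout unset: hibernation disabled"; return 0
    elif [ -n "$num" ] && [ "$num" -eq 0 ]; then
        echo "imap_hibernate_timeout = $val: hibernation disabled"; return 0
    else
        echo "imap_hibernate_timeout = $val: hibernation ENABLED, update to 2.3.13+ or set it to 0"
        return 1
    fi
}

main() {
    # constructed sample of doveconf -n output (not from a real server)
    sample='mail_location = maildir:~/Maildir
imap_hibernate_timeout = 5 secs
protocols = imap lmtp'
    printf '%s\n' "$sample" | check_hibernation || :   # verdict is in the message
    for v in 2.2.25 2.2.31-19.25.1 2.3.11.3 2.3.13; do
        if version_vulnerable "$v"; then echo "$v: in vulnerable range"; else echo "$v: outside range"; fi
    done
}
main "$@"
```

`check_hibernation` treats an unset key and an explicit `0` identically, matching the advisory's workaround, and reports any value it cannot parse as a number as enabled rather than silently passing it.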
Comment 10 Swamp Workflow Management 2021-01-04 20:17:10 UTC
SUSE-SU-2021:0018-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180405
CVE References: CVE-2020-24386
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    dovecot22-2.2.31-19.25.1
SUSE OpenStack Cloud Crowbar 8 (src):    dovecot22-2.2.31-19.25.1
SUSE OpenStack Cloud 9 (src):    dovecot22-2.2.31-19.25.1
SUSE OpenStack Cloud 8 (src):    dovecot22-2.2.31-19.25.1
SUSE OpenStack Cloud 7 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP5 (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    dovecot22-2.2.31-19.25.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    dovecot22-2.2.31-19.25.1
SUSE Enterprise Storage 5 (src):    dovecot22-2.2.31-19.25.1
HPE Helion Openstack 8 (src):    dovecot22-2.2.31-19.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-01-05 20:16:54 UTC
SUSE-SU-2021:0028-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1174922,1174923,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-12673,CVE-2020-12674,CVE-2020-24386,CVE-2020-25275
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    dovecot23-2.3.11.3-17.5.1

Comment 12 Swamp Workflow Management 2021-01-05 20:19:20 UTC
SUSE-SU-2021:0029-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-24386,CVE-2020-25275
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    dovecot23-2.3.11.3-4.32.1
SUSE Linux Enterprise Server 15-LTSS (src):    dovecot23-2.3.11.3-4.32.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    dovecot23-2.3.11.3-4.32.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    dovecot23-2.3.11.3-4.32.1

Comment 13 Swamp Workflow Management 2021-01-05 20:20:27 UTC
SUSE-SU-2021:0027-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-24386,CVE-2020-25275
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    dovecot23-2.3.11.3-21.1

Comment 14 Swamp Workflow Management 2021-01-07 20:18:20 UTC
openSUSE-SU-2021:0026-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-24386,CVE-2020-25275
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    dovecot23-2.3.11.3-lp152.2.6.1
Comment 15 Swamp Workflow Management 2021-01-16 14:16:03 UTC
openSUSE-SU-2021:0072-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174920,1180405,1180406
CVE References: CVE-2020-12100,CVE-2020-24386,CVE-2020-25275
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    dovecot23-2.3.11.3-lp151.2.15.1
Comment 16 Marcus Meissner 2021-09-10 12:06:50 UTC
done