Bugzilla – Bug 1187419
VUL-0: CVE-2021-33515: dovecot,dovecot22,dovecot23: Attacker can potentially steal user credentials and mails
Last modified: 2022-08-18 08:50:56 UTC
via distros.

Open-Xchange Security Advisory 2021-06-21

Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification: 2021-05-21
Solution date: 2021-05-22
Public disclosure: 2021-06-21
CVE reference: CVE-2021-33515
CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)
Researcher credit: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences

Vulnerability Details:
On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.

Risk:
Attacker can potentially steal user credentials and mails. The attacker needs to have sending permissions on the submission server (a valid username and password).

Workaround:
None.

Solution:
Operators should update to 2.3.14.1 or later version.
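The advisory's core point is that a server must not carry input it read in plaintext across the STARTTLS transition. The toy model below (an added illustration, not Dovecot's code; the session class, command names and the input chunks are constructed) shows the same read loop with and without discarding the pre-handshake buffer, which is the mitigation principle behind the upstream fix.

```python
# Toy model of an SMTP submission server's input handling around STARTTLS.
# Assumption: the server reads into a buffer and may receive more than one
# command line per read (pipelining). Not Dovecot's implementation.


class SubmissionSession:
    def __init__(self, discard_plaintext_on_starttls: bool):
        self.inbuf = b""          # bytes received but not yet processed
        self.tls = False          # whether the TLS handshake has completed
        self.executed = []        # (command, ran_under_tls) in execution order
        self.discard = discard_plaintext_on_starttls

    def feed(self, data: bytes) -> None:
        """Deliver bytes from the network and process complete lines."""
        self.inbuf += data
        while b"\r\n" in self.inbuf:
            line, self.inbuf = self.inbuf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace").strip()
            if cmd.upper() == "STARTTLS" and not self.tls:
                self.executed.append((cmd, False))
                self.tls = True   # handshake would happen here
                if self.discard:
                    # Hardened behaviour: anything already buffered arrived
                    # in plaintext and cannot be trusted; drop it so the
                    # first command handled under TLS comes from the TLS
                    # stream itself.
                    self.inbuf = b""
                continue
            # Vulnerable behaviour: without the discard above, a line that
            # was buffered before the handshake is now attributed to the
            # TLS-protected session.
            self.executed.append((cmd, self.tls))


def commands_run_under_tls(discard: bool) -> list:
    """Constructed scenario: one plaintext read contains a line after
    STARTTLS; a second read arrives after the handshake."""
    s = SubmissionSession(discard_plaintext_on_starttls=discard)
    s.feed(b"EHLO client.example\r\nSTARTTLS\r\nNOOP buffered-before-tls\r\n")
    s.feed(b"NOOP sent-over-tls\r\n")
    return [cmd for cmd, under_tls in s.executed if under_tls]
```

Run with `discard=False` the model reports the buffered line as a TLS command; with `discard=True` only the line that actually arrived over TLS is.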
Created attachment 850314 [details] Upstream patch
Affected packages:
- SUSE:SLE-15:Update/dovecot 2.3
- SUSE:SLE-15-SP1:Update/dovecot23 2.3.11.3
- SUSE:SLE-15-SP2:Update/dovecot23 2.3.11.3
- SUSE:SLE-15:Update/dovecot23 2.3.11.3
- openSUSE:Factory/dovecot23 2.3.14
This is now public
SUSE-SU-2021:2122-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1187418,1187419
CVE References: CVE-2021-29157,CVE-2021-33515
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): dovecot23-2.3.11.3-4.35.1
SUSE Linux Enterprise Server 15-LTSS (src): dovecot23-2.3.11.3-4.35.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): dovecot23-2.3.11.3-4.35.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): dovecot23-2.3.11.3-4.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2123-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1187418,1187419
CVE References: CVE-2021-29157,CVE-2021-33515
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): dovecot23-2.3.11.3-55.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): dovecot23-2.3.11.3-55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2124-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1187418,1187419
CVE References: CVE-2021-29157,CVE-2021-33515
JIRA References:
Sources used:
SUSE Manager Server 4.0 (src): dovecot23-2.3.11.3-24.1
SUSE Manager Retail Branch Server 4.0 (src): dovecot23-2.3.11.3-24.1
SUSE Manager Proxy 4.0 (src): dovecot23-2.3.11.3-24.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): dovecot23-2.3.11.3-24.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): dovecot23-2.3.11.3-24.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): dovecot23-2.3.11.3-24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): dovecot23-2.3.11.3-24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): dovecot23-2.3.11.3-24.1
SUSE Enterprise Storage 6 (src): dovecot23-2.3.11.3-24.1
SUSE CaaS Platform 4.0 (src): dovecot23-2.3.11.3-24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2123-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1187418,1187419
CVE References: CVE-2021-29157,CVE-2021-33515
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): dovecot23-2.3.11.3-55.1
released
# maintenance_jira_update_notice
SUSE-SU-2021:2890-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise Server 15-LTSS (src): dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): dovecot23-2.3.15-4.38.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice
SUSE-SU-2021:2892-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): dovecot23-2.3.15-58.3
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): dovecot23-2.3.15-58.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice
SUSE-SU-2021:2891-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Manager Server 4.0 (src): dovecot23-2.3.15-27.3
SUSE Manager Retail Branch Server 4.0 (src): dovecot23-2.3.15-27.3
SUSE Manager Proxy 4.0 (src): dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server for SAP 15-SP1 (src): dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server 15-SP1-LTSS (src): dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server 15-SP1-BCL (src): dovecot23-2.3.15-27.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): dovecot23-2.3.15-27.3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): dovecot23-2.3.15-27.3
SUSE Enterprise Storage 6 (src): dovecot23-2.3.15-27.3
SUSE CaaS Platform 4.0 (src): dovecot23-2.3.15-27.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice
openSUSE-SU-2021:2892-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
openSUSE Leap 15.3 (src): dovecot23-2.3.15-58.3
# maintenance_jira_update_notice
openSUSE-SU-2021:1225-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
openSUSE Leap 15.2 (src): dovecot23-2.3.15-lp152.2.12.1
Thanks a lot for clarifying, closing.