Bug 1187420 (CVE-2020-28200) - VUL-0: CVE-2020-28200: dovecot,dovecot22,dovecot23: Attacker can DoS the mail delivery system
Summary: VUL-0: CVE-2020-28200: dovecot,dovecot22,dovecot23: Attacker can DoS the mail...
Status: RESOLVED FIXED
Alias: CVE-2020-28200
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Peter Varkoly
QA Contact: Security Team bot
URL: https://jira.suse.com/browse/TEAM-431...
Whiteboard: CVSSv3.1:SUSE:CVE-2020-28200:4.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-16 13:45 UTC by Gianluca Gabrielli
Modified: 2022-09-01 07:07 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2021-06-16 13:45:33 UTC
via distros.

Open-Xchange Security Advisory 2021-06-21

Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4159 (Bug ID)
Vulnerability type: CWE-400
Vulnerable version: 1.2.0-2.3.14
Vulnerable component: lmtp, lda
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.15
Vendor notification: 2020-09-23
Solution date: 2020-12-07
Public disclosure: 2021-06-21
CVE reference: CVE-2020-28200
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Researcher credit: Innokentii Sennovskii from BI.ZONE
Vulnerability Details:

Sieve interpreter is not protected against abusive scripts that claim
excessive resource usage. Especially scripts using massive amounts of
regexps.

Risk:

Attacker can DoS the mail delivery system by using excessive amount of
CPU and/or reaching the lmtp/lda process limits.

Workaround:

Disabling the regex sieve extension avoids the worst problems.
lmtp_user_concurrency_limit may also be helpful.

Solution:

Operators should update to 2.3.15 or later version.
Comment 4 Gianluca Gabrielli 2021-06-22 12:59:03 UTC
This is now public.
Comment 6 Swamp Workflow Management 2021-08-31 22:17:20 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2890-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise Server 15-LTSS (src):    dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    dovecot23-2.3.15-4.38.3
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    dovecot23-2.3.15-4.38.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-08-31 22:21:03 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2892-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    dovecot23-2.3.15-58.3
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    dovecot23-2.3.15-58.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-08-31 22:22:32 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2891-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
SUSE Manager Server 4.0 (src):    dovecot23-2.3.15-27.3
SUSE Manager Retail Branch Server 4.0 (src):    dovecot23-2.3.15-27.3
SUSE Manager Proxy 4.0 (src):    dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    dovecot23-2.3.15-27.3
SUSE Linux Enterprise Server 15-SP1-BCL (src):    dovecot23-2.3.15-27.3
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    dovecot23-2.3.15-27.3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    dovecot23-2.3.15-27.3
SUSE Enterprise Storage 6 (src):    dovecot23-2.3.15-27.3
SUSE CaaS Platform 4.0 (src):    dovecot23-2.3.15-27.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-08-31 22:24:48 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2892-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
openSUSE Leap 15.3 (src):    dovecot23-2.3.15-58.3
Comment 10 Swamp Workflow Management 2021-09-04 01:16:36 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1225-1: An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Category: security (moderate)
Bug References: 1187418,1187419,1187420
CVE References: CVE-2020-28200,CVE-2021-29157
JIRA References: SLE-19970
Sources used:
openSUSE Leap 15.2 (src):    dovecot23-2.3.15-lp152.2.12.1
Comment 11 Thomas Leroy 2022-08-24 15:13:51 UTC
SUSE:SLE-12:Updat/dovecot22 looks also affected. Peter, could you please submit a fix? :)
Comment 17 Thomas Leroy 2022-09-01 07:07:27 UTC
A note has been published here [0]. Everything is done. Closing

[0] https://www.suse.com/security/cve/CVE-2020-28200.html