Dovecot CVE-2017-2669 Denial of Service Vulnerability

Dovecot is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue to cause the process to crash, restart, or excessive CPU usage leading to a denial-of-service condition.

Dovecot 2.2.26 through 2.2.28 are vulnerable.

Information

Bugtraq ID: 97536
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-2669

Remote: Yes
Local: No
Published: Apr 10 2017 12:00AM
Updated: Apr 17 2017 12:04AM
Credit: The vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 16.10
Ubuntu Ubuntu Linux 16.04 LTS
Dovecot Dovecot 2.2.28
Dovecot Dovecot 2.2.27.1rc1
Dovecot Dovecot 2.2.26.1
Dovecot Dovecot 2.2.26.0

Not Vulnerable: Dovecot Dovecot 2.2.29

References:

Dovecot Homepage (Dovecot)
auth-db-dict: Allow key name expansion (Github)
Bug 1438676 - (CVE-2017-2669) CVE-2017-2669 dovecot: Dovecot DoS when passdb dic (Redhat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

Dovecot CVE-2017-2669 Denial of Service Vulnerability

Information