ASA-202101-4 - log

ASA-202101-4 edited at 05 Jan 2021 08:03:59
Workaround
- Operators can choose to disable IMAP hibernation. IMAP hibernation is not on by default. To ensure imap hibernation is disabled, make sure imap_hibernate_timeout is set to 0 or unset.
+ Operators can choose to disable IMAP hibernation. IMAP hibernation is
+ not on by default. To ensure imap hibernation is disabled, make sure
+ imap_hibernate_timeout is set to 0 or unset.
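Review bot: The rewrapped workaround keeps the mixed capitalisation, with "IMAP hibernation" in the first two sentences and "imap hibernation" in the third. Use the capitalised form throughout, and set the setting name apart from the prose (for example by quoting "imap_hibernate_timeout") so it is not read as part of the sentence after the line wrap.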
Impact
Malicious senders could crash dovecot repeatedly by sending/uploading messages with more than 10 000 MIME parts.
In addition, when imap hibernation is active, a remote, authenticated attacker can cause dovecot to discover the file system directory structure and access other users' emails using a specially crafted command.
ASA-202101-4 edited at 05 Jan 2021 07:46:26
ASA-202101-4 edited at 05 Jan 2021 07:46:20
ASA-202101-4 edited at 04 Jan 2021 15:37:18
Workaround
+ Operators can choose to disable IMAP hibernation. IMAP hibernation is not on by default. To ensure imap hibernation is disabled, make sure imap_hibernate_timeout is set to 0 or unset.
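Review bot: The added workaround addresses only the hibernation issue, while the Impact text added in the same edit also describes a repeated crash from messages with more than 10 000 MIME parts. Nothing here tells operators whether disabling hibernation has any effect on that crash. Suggest scoping the sentence explicitly to the hibernation issue and adding a line saying what, if anything, applies to the MIME parts crash.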
Impact
+ Malicious senders could crash dovecot repeatedly by sending/uploading messages with more than 10 000 MIME parts.
+ In addition, when imap hibernation is active, a remote, authenticated attacker can cause dovecot to discover the file system directory structure and access other users' emails using a specially crafted command.
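Review bot: In the second added Impact line, "cause dovecot to discover the file system directory structure" is ambiguous about who learns the directory structure, dovecot or the attacker. Reword so that the attacker is the subject of both outcomes, and make clear whether "a specially crafted command" applies to the directory discovery, the access to other users' emails, or both. The casing "imap hibernation" also differs from "IMAP hibernation" in the Workaround text.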
ASA-202101-4 created at 04 Jan 2021 15:35:46