CVE-2017-2669 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is passed to the var_expand() function and double expansion of %-variables is performed. A remote unauthenticated attacker could then send a specially crafted username containing %variables to cause a denial of service. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-238 | dovecot | 2.2.28-3 | 2.2.29.1-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 01 May 2017 | ASA-201705-1 | AVG-238 | dovecot | Medium | denial of service |
| References |
|---|
https://dovecot.org/list/dovecot-news/2017-April/000341.html https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch |