Описание
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dovecot | fixed | 1:2.2.13-12 | package | |
| dovecot | fixed | 1:2.2.13-12~deb8u1 | jessie | package |
| dovecot | not-affected | wheezy | package | |
| dovecot | not-affected | squeeze | package |
Примечания
https://www.openwall.com/lists/oss-security/2015/04/26/3
Patch: http://web.archive.org/web/20150907231530/http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
Segfault reproducible if using openssl/1.0.2a-1 from sid.
http://dovecot.org/pipermail/dovecot/2015-April/100579.html
It is openssl crashing but because dovecot ignores an erlier
returned error from dovecot, related to openssl bug:
https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
Possibly introduced due to http://web.archive.org/web/20150121182933/http://hg.dovecot.org:80/dovecot-2.2/rev/09d3c9c6f0ad
EPSS
Связанные уязвимости
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
EPSS