Описание
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-24386
- https://doc.dovecot.org/configuration_manual/hibernation
- https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
- https://dovecot.org/security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7
- https://security.gentoo.org/glsa/202101-01
- https://www.debian.org/security/2021/dsa-4825
- http://packetstormsecurity.com/files/160842/Dovecot-2.3.11.3-Access-Bypass.html
- http://seclists.org/fulldisclosure/2021/Jan/18
- http://www.openwall.com/lists/oss-security/2021/01/04/4
Связанные уязвимости
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ...
