CVE-2010-0745 - OpenCVE

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dovecot	Dovecot

Configuration 1 [-]

OR	cpe:2.3:a:dovecot:dovecot:1.2.0:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.2:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.3:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.4:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.5:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.6:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.7:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.8:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.9:::::::*
	cpe:2.3:a:dovecot:dovecot:1.2.10:::::::*

References

Link	Resource
http://dovecot.org/list/dovecot-news/2010-March/000152.html	Patch Vendor Advisory
http://dovecot.org/pipermail/dovecot/2010-February/047190.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=127013715227551&w=2
http://security-tracker.debian.org/tracker/CVE-2010-0745
http://www.mandriva.com/security/advisories?name=MDVSA-2010:104
http://www.openwall.com/lists/oss-security/2010/03/10/6
http://www.vupen.com/english/advisories/2010/1107	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1226
https://bugzilla.redhat.com/show_bug.cgi?id=572268

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-05-20T17:00:00

Updated: 2010-04-30T09:00:00

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0745

JSON object: View

NVD Information

Status : Modified

Published: 2010-05-20T17:30:01.287

Modified: 2010-06-03T05:54:53.670

Link: CVE-2010-0745

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-30T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "MDVSA-2010:104", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}, {"name": "ADV-2010-1226", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"name": "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"name": "[dovecot-news] 20100308 v1.2.11 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"name": "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0745", "datePublished": "2010-05-20T17:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2010-04-30T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BBB0B72A-1C7D-4F89-BE89-CD82F667CB76", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "FEF89EB6-CBF5-48DF-8FDD-2C0AE0266B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "41B2B3D8-EB69-4BD8-ACD5-CB6BFDE6B2FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Dovecot v1.2.x anterior a 1.2.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo CPU) a trav\u00e9s de una larga cabecera en un mensaje de e-mail"}], "id": "CVE-2010-0745", "lastModified": "2010-06-03T05:54:53.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-20T17:30:01.287", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html"}, {"source": "secalert@redhat.com", "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2"}, {"source": "secalert@redhat.com", "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1226"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}