CVE-2017-2669 - OpenCVE

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Dovecot	Dovecot

Configuration 1 [-]

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/04/11/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/97536	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669	Issue Tracking Third Party Advisory
https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html	Vendor Advisory
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch	Third Party Advisory
https://www.debian.org/security/2017/dsa-3828	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-06-21T13:00:00

Updated: 2018-06-22T09:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2669

JSON object: View

NVD Information

Status : Modified

Published: 2018-06-21T13:29:00.317

Modified: 2019-10-09T23:27:03.807

Link: CVE-2017-2669

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "dovecot", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "dovecot 2.2.29"}]}], "datePublic": "2017-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-22T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[dovecot-news] 20170410 v2.2.29 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html"}, {"name": "[oss-security] 20170411 CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/04/11/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch"}, {"name": "DSA-3828", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3828"}, {"name": "97536", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97536"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dovecot", "version": {"version_data": [{"version_value": "dovecot 2.2.29"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang."}]}, "impact": {"cvss": [[{"vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "[dovecot-news] 20170410 v2.2.29 released", "refsource": "MLIST", "url": "https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html"}, {"name": "[oss-security] 20170411 CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/04/11/1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669"}, {"name": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch", "refsource": "CONFIRM", "url": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch"}, {"name": "DSA-3828", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3828"}, {"name": "97536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97536"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2669", "datePublished": "2018-06-21T13:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2018-06-22T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A0F511-D72E-464A-BA7B-477C9CC0B479", "versionEndIncluding": "2.2.28", "versionStartIncluding": "2.2.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang."}, {"lang": "es", "value": "Dovecot en versiones anteriores a la 2.2.29 es vulnerable a una denegaci\u00f3n de servicio (DoS). Cuando se emplearon los \"dict\" passdb y userdb para la autenticaci\u00f3n de usuarios, el nombre de usuario enviado por el cliente IMAP/POP3 se envi\u00f3 mediante var_expand() para realizar la expansi\u00f3n de %variable. El env\u00edo de campos %variable especialmente manipulados podr\u00eda resultar en un uso excesivo de memoria que provoca que el proceso se cierre inesperadamente (y se reinicie) o en un uso excesivo de CPU que provoca que todas las autenticaciones dejen de responder."}], "id": "CVE-2017-2669", "lastModified": "2019-10-09T23:27:03.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-06-21T13:29:00.317", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/04/11/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97536"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3828"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}