ID CVE-2010-3780
Summary Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
References
Vulnerable Configurations
  • cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 27-08-2011 - 03:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 641276
title CVE-2010-3780 Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment dovecot is earlier than 1:2.0.9-2.el6
          oval oval:com.redhat.rhsa:tst:20110600001
        • comment dovecot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110600002
      • AND
        • comment dovecot-devel is earlier than 1:2.0.9-2.el6
          oval oval:com.redhat.rhsa:tst:20110600003
        • comment dovecot-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110600004
      • AND
        • comment dovecot-mysql is earlier than 1:2.0.9-2.el6
          oval oval:com.redhat.rhsa:tst:20110600005
        • comment dovecot-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110600006
      • AND
        • comment dovecot-pgsql is earlier than 1:2.0.9-2.el6
          oval oval:com.redhat.rhsa:tst:20110600007
        • comment dovecot-pgsql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110600008
      • AND
        • comment dovecot-pigeonhole is earlier than 1:2.0.9-2.el6
          oval oval:com.redhat.rhsa:tst:20110600009
        • comment dovecot-pigeonhole is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110600010
rhsa
id RHSA-2011:0600
released 2011-05-19
severity Moderate
title RHSA-2011:0600: dovecot security and enhancement update (Moderate)
rpms
  • dovecot-1:2.0.9-2.el6
  • dovecot-debuginfo-1:2.0.9-2.el6
  • dovecot-devel-1:2.0.9-2.el6
  • dovecot-mysql-1:2.0.9-2.el6
  • dovecot-pgsql-1:2.0.9-2.el6
  • dovecot-pigeonhole-1:2.0.9-2.el6
refmap via4
mandriva MDVSA-2010:217
mlist [dovecot] 20101002 v1.2.15 released
secunia 43220
ubuntu USN-1059-1
vupen
  • ADV-2010-2840
  • ADV-2011-0301
Last major update 27-08-2011 - 03:44
Published 06-10-2010 - 21:00
Last modified 27-08-2011 - 03:44
Back to Top