Revision Date: 2018-06-21
Version: 1
Title: CVE-2017-2669 on Ubuntu 16.04 LTS (xenial) - medium.
Description: Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2017-2669
Platform(s): Ubuntu 16.04 LTS
Product(s):
Definition Synopsis:
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT dovecot-core package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-gssapi package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-imapd package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-ldap package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-lmtpd package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-lucene package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-managesieved package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-mysql package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-pgsql package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-pop3d package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-sieve package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-solr package in xenial, while related to the CVE in some way, is not affected.
OR NOT dovecot-sqlite package in xenial, while related to the CVE in some way, is not affected.
OR NOT mail-stack-delivery package in xenial, while related to the CVE in some way, is not affected.