Vulnerability CVE-2010-0745 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0745 (CCN-56763)

Assigned:

2010-03-08

Published:

2010-03-08

Updated:

2010-06-03

Summary:

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2010-0745

Source: MLIST
Type: Patch, Vendor Advisory
[dovecot-news] 20100308 v1.2.11 released

Source: MLIST
Type: UNKNOWN
[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:011

Source: MLIST
Type: UNKNOWN
[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header

Source: CCN
Type: SA38881
Dovecot Mailbox Large Header Denial of Service

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.org/tracker/CVE-2010-0745

Source: CCN
Type: Dovecot Web Site
[Dovecot-news] v1.2.11 released

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:104

Source: MLIST
Type: UNKNOWN
[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header

Source: CCN
Type: OSVDB ID: 62796
Dovecot mbox Format Email Header Handling DoS

Source: CCN
Type: OSVDB ID: 64783
Dovecot E-mail Message Header Unspecified DoS

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1107

Source: VUPEN
Type: UNKNOWN
ADV-2010-1226

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=572268

Source: XF
Type: UNKNOWN
dovecot-header-dos(56763)

Source: SUSE
Type: SUSE-SR:2010:011
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:dovecot:dovecot:1.2.0:-:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100745	V	CVE-2010-0745	2015-11-16