LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

dovecot: denial of service, possible mailbox corruption

Package(s):dovecot CVE #(s):CVE-2011-1929
Created:May 26, 2011 Updated:September 23, 2011
Description:

From the Mandriva advisory:

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' (NUL) characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message (CVE-2011-1929).

Alerts:
Gentoo 201110-04 2011-10-10
CentOS CESA-2011:1187 2011-09-22
CentOS CESA-2011:1187 2011-08-19
Scientific Linux SL-dove-20110818 2011-08-18
Red Hat RHSA-2011:1187-01 2011-08-18
Fedora FEDORA-2011-7612 2011-05-27
Debian DSA-2252-1 2011-06-02
Ubuntu USN-1143-1 2011-06-02
SUSE SUSE-SR:2011:010 2011-05-31
Fedora FEDORA-2011-7258 2011-05-19
Fedora FEDORA-2011-7268 2011-05-19
openSUSE openSUSE-SU-2011:0540-1 2011-05-26
Mandriva MDVSA-2011:101 2011-05-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds