Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-386
HistoryJul 23, 2014 - 2:09 p.m.

Medium: dovecot

2014-07-2314:09:00
alas.aws.amazon.com
11

0.091 Low

EPSS

Percentile

94.6%

JSON

Issue Overview:

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

Affected Packages:

dovecot

Issue Correction:
Run yum update dovecot to update your system.

New Packages:

i686:  
    dovecot-pigeonhole-2.0.9-7.14.amzn1.i686  
    dovecot-devel-2.0.9-7.14.amzn1.i686  
    dovecot-debuginfo-2.0.9-7.14.amzn1.i686  
    dovecot-2.0.9-7.14.amzn1.i686  
    dovecot-mysql-2.0.9-7.14.amzn1.i686  
    dovecot-pgsql-2.0.9-7.14.amzn1.i686  
  
src:  
    dovecot-2.0.9-7.14.amzn1.src  
  
x86_64:  
    dovecot-debuginfo-2.0.9-7.14.amzn1.x86_64  
    dovecot-pigeonhole-2.0.9-7.14.amzn1.x86_64  
    dovecot-devel-2.0.9-7.14.amzn1.x86_64  
    dovecot-pgsql-2.0.9-7.14.amzn1.x86_64  
    dovecot-mysql-2.0.9-7.14.amzn1.x86_64  
    dovecot-2.0.9-7.14.amzn1.x86_64

Additional References

Red Hat: CVE-2014-3430

Mitre: CVE-2014-3430

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686dovecot-pigeonhole< 2.0.9-7.14.amzn1dovecot-pigeonhole-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1i686dovecot-devel< 2.0.9-7.14.amzn1dovecot-devel-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1i686dovecot-debuginfo< 2.0.9-7.14.amzn1dovecot-debuginfo-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1i686dovecot< 2.0.9-7.14.amzn1dovecot-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1i686dovecot-mysql< 2.0.9-7.14.amzn1dovecot-mysql-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1i686dovecot-pgsql< 2.0.9-7.14.amzn1dovecot-pgsql-2.0.9-7.14.amzn1.i686.rpm
Amazon Linux1x86_64dovecot-debuginfo< 2.0.9-7.14.amzn1dovecot-debuginfo-2.0.9-7.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dovecot-pigeonhole< 2.0.9-7.14.amzn1dovecot-pigeonhole-2.0.9-7.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dovecot-devel< 2.0.9-7.14.amzn1dovecot-devel-2.0.9-7.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dovecot-pgsql< 2.0.9-7.14.amzn1dovecot-pgsql-2.0.9-7.14.amzn1.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 12
osv 1
ubuntucve 1
cve 1
openvas 14
mageia 1
fedora 3
debian 4
veracode 1
gentoo 1
ubuntu 1
redhat 1
cvelist 1
prion 1
oraclelinux 1
debiancve 1
centos 1
securityvulns 1
nessus
nessus
Debian DSA-2954-1 : dovecot - security update
2014-06-10 00:00:00
Scientific Linux Security Update : dovecot on SL6.x i386/srpm/x86_64 (20140625)
2014-06-26 00:00:00
Fedora 19 : dovecot-2.2.13-1.fc19 (2014-6331)
2014-06-18 00:00:00
osv
osv
dovecot - security update
2014-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2014-3430
2014-05-13 00:00:00
cve
cve
CVE-2014-3430
2014-05-14 19:55:00
openvas
openvas
RedHat Update for dovecot RHSA-2014:0790-01
2014-07-01 00:00:00
Debian: Security Advisory (DSA-2954-1)
2014-06-08 00:00:00
Gentoo Security Advisory GLSA 201412-03
2015-09-29 00:00:00
mageia
mageia
Updated dovecot packages fix security vulnerability
2014-05-17 04:38:24
fedora
fedora
[SECURITY] Fedora 19 Update: dovecot-2.2.13-1.fc19
2014-06-17 23:38:27
[SECURITY] Fedora 20 Update: dovecot-2.2.13-1.fc20
2014-05-18 22:56:49
[SECURITY] Fedora 20 Update: dovecot-2.2.16-2.fc20
2015-05-19 16:26:41
debian
debian
dovecot security update
2014-06-11 16:56:06
[SECURITY] [DSA 2954-1] dovecot security update
2014-06-09 18:02:51
[SECURITY] [DSA 2954-1] dovecot security update
2014-06-09 18:02:29
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:54:35
gentoo
gentoo
Dovecot: Denial of service
2014-12-08 00:00:00
ubuntu
ubuntu
Dovecot vulnerability
2014-05-15 00:00:00
redhat
redhat
(RHSA-2014:0790) Moderate: dovecot security update
2014-06-25 00:00:00
cvelist
cvelist
CVE-2014-3430
2014-05-14 19:00:00
prion
prion
Design/Logic Flaw
2014-05-14 19:55:00
oraclelinux
oraclelinux
dovecot security update
2014-06-25 00:00:00
debiancve
debiancve
CVE-2014-3430
2014-05-14 19:55:00
centos
centos
dovecot security update
2014-06-25 19:00:49
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-10 00:00:00

0.091 Low

EPSS

Percentile

94.6%

JSON
Related for ALAS-2014-386
nessus12osv1ubuntucve1cve1openvas14mageia1fedora3debian4veracode1gentoo1ubuntu1redhat1cvelist1prion1oraclelinux1debiancve1centos1securityvulns1