OESA-2021-1042 dovecot security update

Security Fixes: Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.CVE-2020-25275 An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an...

Dovecot 2.3.11.3 Denial Of Service Vulnerability

Dovecot 2.3.11.3 Denial Of Service Vulnerability Vendor: OX Software GmbH Internal reference: DOV-4113 Bug ID Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vend...

UBUNTU-CVE-2020-12100

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource consumption via a crafted e-mail message with deeply nested MIME parts...

Alpha - execve() Shellcode (112 bytes)

char shellcode= "\x30\x15\xd9\x43" / subq $30,200,$16 / / $16 = $30 - 200 / $16 must have the shellcode address. However, before / / the bsr instruction, $16 can't have the address. / / This instruction just store the meaningless address. / / The all instruction before bsr are meaningless. /...

Exim with Dovecot LDA sender_address Parameter Remote Command Execution

A remote command execution vulnerability exist in Exim MTA that uses the Dovecot as the Local Delivery Agent LDA. The vulnerability is due to the dangerous configuration in Dovecot suggesting the "useshell" option. A remote attacker could exploit this vulnerability by sending a malicious...

dovecot security and enhancement update

2.0.9-2 - fix issues and assert crashes found in 2.0.9 lmtp,dotlock,zlib 2.0.9-1 - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send 'out of quota' reply 2.0.8-1 - dovecot updated to 2.0.8 fixes 654226...