dovecot-2.3.16-6.el8_10
Errata ID: AXSA:2024-8878:05
Release date:
2024/10/03 Thursday - 13:25
Title:
dovecot-2.3.16-6.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
- Dovecot has an issue that causes it to consume CPU resources unintentionally. A remote attacker can exploit this to cause a denial of service (CPU resource exhaustion) by having Dovecot process a specially crafted e-mail that contains a very large number of address headers such as From, To, Cc and Bcc. (CVE-2024-23184)
- Dovecot places no limit on the size of the buffer it uses during processing. A remote attacker can exploit this to cause a denial of service (resource exhaustion) by having Dovecot process a crafted e-mail with extremely large headers. (CVE-2024-23185)
Solution:
Update the package.
CVE:
CVE-2024-23184
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known.
CVE-2024-23185
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known.
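Both CVE entries point to the same mitigation: restrict address headers and header size in the MTA or filter stage before a message reaches Dovecot. The following Python check is an added example, not Dovecot's code or the vendor's, illustrating that pre-delivery check. It unfolds RFC 5322 continuation lines so a single header split across many lines is measured by its full size (the CVE-2024-23185 case), counts raw lines belonging to address headers (the CVE-2024-23184 case), and reports violations against limits. The limit values, header-name set and sample messages are assumptions constructed for illustration, not Dovecot or MTA defaults.

```python
"""Pre-delivery header sanity check (added example, not Dovecot's own code).

Enforces the kind of limits the advisory suggests for the MTA or milter
stage ahead of Dovecot: a cap on address-header lines (CVE-2024-23184) and
a cap on the unfolded size of any single header (CVE-2024-23185).
"""
from dataclasses import dataclass
from typing import List, Tuple

# Header fields that are parsed as address lists.
ADDRESS_HEADERS = {"from", "to", "cc", "bcc", "sender", "reply-to"}

# Assumed policy limits for illustration; tune them for your environment.
MAX_ADDRESS_HEADER_LINES = 100        # raw lines that belong to address headers
MAX_SINGLE_HEADER_BYTES = 64 * 1024   # unfolded size of any one header field
MAX_TOTAL_HEADER_BYTES = 1024 * 1024  # size of the whole header block


@dataclass
class HeaderStats:
    address_header_lines: int
    largest_header_bytes: int
    total_header_bytes: int
    violations: List[str]

    @property
    def ok(self) -> bool:
        return not self.violations


def split_headers(raw: bytes) -> bytes:
    """Return the header block: everything before the first blank line."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        idx = raw.find(sep)
        if idx != -1:
            return raw[:idx]
    return raw  # no body present, treat the whole input as headers


def unfold(header_block: bytes) -> List[Tuple[str, bytes, int]]:
    """Return (field-name, unfolded value, raw line count) for each header.

    Continuation lines (RFC 5322 section 2.2.3) start with SP or HTAB and are
    appended to the preceding field, so a header folded over many lines is
    measured by its total size rather than per physical line.
    """
    fields: List[Tuple[str, bytes, int]] = []
    name, value, lines = None, b"", 0
    for line in header_block.splitlines():
        if line[:1] in (b" ", b"\t") and name is not None:
            value += line
            lines += 1
            continue
        if name is not None:
            fields.append((name, value, lines))
        colon = line.find(b":")
        if colon == -1:
            name, value, lines = None, b"", 0  # malformed line: skip it
            continue
        name = line[:colon].strip().decode("ascii", "replace").lower()
        value = line[colon + 1:]
        lines = 1
    if name is not None:
        fields.append((name, value, lines))
    return fields


def check_headers(raw_message: bytes) -> HeaderStats:
    """Measure a raw message's headers and list any policy violations."""
    block = split_headers(raw_message)
    fields = unfold(block)
    addr_lines = sum(n for name, _, n in fields if name in ADDRESS_HEADERS)
    largest = max((len(v) for _, v, _ in fields), default=0)
    total = len(block)
    violations: List[str] = []
    if addr_lines > MAX_ADDRESS_HEADER_LINES:
        violations.append(f"address header lines {addr_lines} > {MAX_ADDRESS_HEADER_LINES}")
    if largest > MAX_SINGLE_HEADER_BYTES:
        violations.append(f"largest header {largest} bytes > {MAX_SINGLE_HEADER_BYTES}")
    if total > MAX_TOTAL_HEADER_BYTES:
        violations.append(f"header block {total} bytes > {MAX_TOTAL_HEADER_BYTES}")
    return HeaderStats(addr_lines, largest, total, violations)


# Constructed sample messages (not real traffic).
NORMAL = (b"From: alice@example.com\r\n"
          b"To: bob@example.com,\r\n"
          b"\tcarol@example.com\r\n"
          b"Subject: hello\r\n"
          b"\r\nbody\r\n")
# Many address header lines: the CVE-2024-23184 pattern.
FLOOD = b"From: a@example.com\r\n" + b"To: b@example.com\r\n" * 150 + b"\r\nbody\r\n"
# One header folded into a very large value: the CVE-2024-23185 pattern.
BIG_HEADER = (b"From: a@example.com\r\nSubject: x\r\n"
              + (b" " + b"y" * 998 + b"\r\n") * 100 + b"\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("flood", FLOOD), ("big", BIG_HEADER)):
        print(label, check_headers(msg))
```

The check runs on the raw bytes before any full MIME parse, so it stays cheap even for the pathological inputs it is meant to stop; a milter or content filter would reject or defer the message when `ok` is false.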
Additional information:
N/A
Downloads:
SRPMS
- dovecot-2.3.16-6.el8_10.src.rpm
MD5: a214b27421976df9cc92e5dbc0c90365
SHA-256: 698fb06e79a52abffc991721ba61d3251d88489154af48ecf36eb4c6aa9640b3
Size: 9.23 MB
Asianux Server 8 for x86_64
- dovecot-2.3.16-6.el8_10.i686.rpm
MD5: 6b2055a2dbf81aeeb191f39738e35d97
SHA-256: 8b1dddc99780d650b289f8fae14702ec816721da3ae0145bb04eddc523cd3d44
Size: 5.62 MB
- dovecot-2.3.16-6.el8_10.x86_64.rpm
MD5: e24be458765dd923d53ff313ab5c6ffd
SHA-256: 45feecf2c92a5c3ee8b257548ff728d5765dca4e385f18aa5c8fdb42a5b74bff
Size: 5.22 MB
- dovecot-devel-2.3.16-6.el8_10.i686.rpm
MD5: 5b1b7c7139142b438ad367f691d50653
SHA-256: d3815d1111cff4fe2a6530c73a63932cced499ff146f1c9cf4b96f22b2a98848
Size: 582.16 kB
- dovecot-devel-2.3.16-6.el8_10.x86_64.rpm
MD5: b3eed1066dd491cc45e42368e742aaf6
SHA-256: be3ae033b3a8658ed24eaeacd84dfb744787c092b36026918b28f54f9aeb1bcb
Size: 582.16 kB
- dovecot-mysql-2.3.16-6.el8_10.x86_64.rpm
MD5: e83ad5fdde48070122e249f979e444ab
SHA-256: 97c35dae244f24b0dfa43d29f47c5b8199c66e5755f668261133af7d47517854
Size: 101.09 kB
- dovecot-pgsql-2.3.16-6.el8_10.x86_64.rpm
MD5: a98bf80f9238aba0280cc4c34a9c0021
SHA-256: c4e6bff97ca0e30052b69a705e13a137c64c73900de03ea5f0d59c4f7e1048f1
Size: 104.36 kB
- dovecot-pigeonhole-2.3.16-6.el8_10.x86_64.rpm
MD5: 9bf78b0a4f2d9638a6d3ff763d22be28
SHA-256: c7af57f55dd1d043402be5d2b150ed71dca3664c495b05f4410813188fe672d3
Size: 484.23 kB