Timo Sirainen
2021-Jun-21 11:51 UTC
[Dovecot-news] CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of M?nster University of Applied Sciences Vulnerability Details: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. Risk: Attacker can potentially steal user credentials and mails. The attacker needs to have sending permissions on the submission server (a valid username and password). Workaround: None. Solution: Operators should update to 2.3.14.1 or later version.
lists at lazygranch.com
2021-Jun-22 09:11 UTC
CVE-2021-33515: SMTP Submission service STARTTLS injection
On Mon, 21 Jun 2021 13:51:30 +0200 Timo Sirainen <timo at sirainen.com> wrote:> Open-Xchange Security Advisory 2021-06-21 > > Product: Dovecot > Vendor: OX Software GmbH > Internal reference: DOV-4583 (Bug ID) > Vulnerability type: CWE-74: Failure to Sanitize Data into a Different > Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 > Vulnerable component: submission > Report confidence: Confirmed > Solution status: Fixed by Vendor > Fixed version: 2.3.14.1 > Vendor notification: 2021-05-21 > Solution date: 2021-05-22 > Public disclosure: 2021-06-21 > CVE reference: CVE-2021-33515 > CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) > Researcher credit: Fabian Ising and Damian Poddebniak of M?nster > University of Applied Sciences > > Vulnerability Details: > > On-path attacker could inject plaintext commands before STARTTLS > negotiation that would be executed after STARTTLS finished with the > client. Only the SMTP submission service is affected. > > Risk: > > Attacker can potentially steal user credentials and mails. The > attacker needs to have sending permissions on the submission server > (a valid username and password). > > Workaround: > > None. > > Solution: > > Operators should update to 2.3.14.1 or later version. >Centos 7 has no repo with 2.3.15. I am using 2.2.36 (1f10bfa63). Is this OK? This is my personal server, hence all the accounts are mine, so it isn't like I am going to hack myself.
Apparently Analagous Threads
- CVE-2021-33515: SMTP Submission service STARTTLS injection
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2019-19722: Critical vulnerability in Dovecot
- CVE-2019-19722: Critical vulnerability in Dovecot