similar to: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

Displaying 20 results from an estimated 6000 matches similar to: "CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files"

2019 Mar 28
2
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 28 March 2019 16:37 Kevin A. McGrail via dovecot <dovecot@dovecot.org> wrote:
2019 Mar 28
0
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote: > Solution: > Operators should update to the latest Patch Release. The only workaround > is to disable FTS and pop3-uidl plugin. Hi Aki, thanks for the CVE. For quick mitigation, can you confirm how to disable these plugins and what they provide? We'd like to assess if we are using them while we rollout the fix. Regards, KAM
2019 Mar 28
1
CVE-2019-7524 backport patch for 2.2.33.2
Hello Aki, I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync cluster. Therefore I've created a small patch and it seems only these two files are affected: dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c dovecot-2.2.36.3/src/plugins/fts/fts-api.c Please correct me if I have missed something. Best regards Gerald
2019 Mar 28
0
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 3/28/2019 10:40 AM, Aki Tuomi wrote: > > check for fts in mail_plugins. pop3-uidl is used by pop3_migration > plugin. Sorry if I'm dense but can you be more specific? Are you talking about checking conf files or binary files? For example, does the existence of /usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation? Are there settings in a conf file that
2019 Mar 28
1
v2.2.36.3 released
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki Tuomi Open-Xchange oy
2020 May 07
6
What's a Reasonable Inbox Size?
Greetings, I have several users who have inboxes that are over 20 GB. Lately I have noticed Dovecot logs say it's taking over 30 seconds to sync their mailboxes. As email admins, how do you handle inboxes that are so large? Do you use mailbox types that have better performance like dbox? We're using maildir. What's a reasonable inbox size? Is 20+ GB reasonable and nothing to
2019 Sep 25
2
Dovecot UIDs and POP.
On 25.09.19 12:29, Sami Ketola via dovecot wrote: > > >> On 25 Sep 2019, at 4.52, Plutocrat via dovecot <dovecot at dovecot.org> wrote: >> >> On 24/09/2019 10:14 PM, @lbutlr via dovecot wrote: >>> Did the target machine already have the user setup? I think dsync wants to sync mailboxes between configured and working servers with users already defined.
2012 Aug 03
1
dsync and pop3 migration plugin fails for large inbox due to idle timeout
Timo, There is a problem with the dsync POP3 migration plugin when syncing a large INBOX. What happens is dsync establishes a connection to the POP3 server at the beginning of the sync, but then it sits there idle until it's used to sync the UIDLs. On a very large inbox with many thousands of messages it will be idle for longer than a POP3 server's idle timeout setting. When the UIDL
2007 May 31
2
Possible Caching Bug showing up as a MIME Boundary Issue
Possible Caching Bug showing up as a MIME Boundary Issue I'm using Dovecot version 1.0.0. I was using Dovecot version 1.0.0 beta3 or alpha4. I upgraded to Dovecot 1.0.0 to make sure that was not the issue. Over the past few weeks on a server running a stable dovecot, I have seen a few emails arriving where the MIME document structure dividers are visible. I've included a
2019 Mar 28
2
v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.
2016 Apr 04
3
Migrating from Olde server to Dovecot
Hi I am new to the mailing List, and was hoping to get some assistance migrating from an Old Cucipop + Sendmail server (running on an old Redhat v 7) to a new Dovecot setup. My new installation is Dovecot + Postfix. All is setup and working, however I want to transfer the contents of the mailboxes from my old server to this new Dovecot setup. Please let me know what information will be required
2005 Nov 11
1
1.0alpha4: pop3_reuse_xuidl patch
hi all, this is needed to make the pop3_reuse_xuidl option work in 1.0alpha4. I am using maildir and I noticed that for each message which doesn't have an indexed X-UIDL header, the entire message is read from disk. as this is reading only headers, it is probably reasonable to stop reading at the end of the headers. it would also be neat if dovecot could be configured to only try reading
2009 Oct 05
1
dovecot 1.0.15 upgrading to dovecot 1.1.x or 1.2.x, and POP3 UIDL issue
Hi, We're upgrading a cluster of servers from v1.0.15 to v1.1.x or v1.2.x. It appears that the UIDL generation mechanism has changed, and thus we'll be getting POP3 dups with users that leave mail on server (which is a nasty practice, I know). From checking the sources, and performing a number of controlled tests in various scenarios, here is the outcome: upgrade from 1.0.15 to
2011 Jan 05
2
courier-dovecot-migrate.pl maintaining order of pop3 uidl's
Hi there, I've just been experimenting with the latest courier-dovecot-migrate.pl script and I notice that it favours keeping pop3 UIDL ordering rather than IMAP UID preservation. There is this comment (line 312): # POP3 clients may want to get POP3 UIDLs in the same order always. # Preserve the order even if it causes IMAP UIDs to change. Does anyone have details as to which
2008 Oct 23
2
Dovecot returns the same UIDL for another message
Hello, I have a serious problem with dovecot and mbox format. dovecot returns the same UIDL for new messages and as result some MUAs don't retrieve new mail. UIDs returned by UIDL command look like 000000*1c*49006cec And there is a moment when dovecot stops incrementing marked digits. In other words when new message arrive to mbox, UIDL command returns used UID. I'll show with example:
2006 Oct 13
1
dovecot tpop3d UIDL mbox
Hello All! I am new to this list so I hope I'm not in the wrong list with my question. First, I have to say that dovecot is (in my opinion) one of the best POP3/IMAP servers around. I especially like its simplicity (configuration) and powerfulness (speed, auth mechs). In my production environment I would like to change from tpop3d to dovecot, but I have only one little problem :).
2009 May 13
2
X-UIDL Ignored?
Hello! I am trying to migrate from Teapop to Dovecot. I'm using Dovecot 1.1.14. I need to make use of the X-UIDL header so clients don't download messages they've already received. I have the X-UIDL head in the message. I have pop3_reuse_xuidl(pop3): yes My problem is the X-UIDL in the message is being ignored and Dovecot is still generating its own. The INBOX is an mbx
2008 Nov 27
3
UIDL question
Hi all, I'm migrating a Postfix + Dovecot 1.0 server with mboxes to Qmail + Dovecot 1.4 with Maildirs and encounter the following problem. Using perfect-maildir.pl from: http://perfectmaildir.home-dn.net/ I can relatively successfully convert the mbox to a Maildir. The problem, however is that clients with "leave mail on server" set to on retrieve all email a 2nd time. I