CVE-2021-33515

Related Files

Red Hat Security Advisory 2022-1950-01

Posted May 11, 2022

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1950-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

tags | advisory, imap

systems | linux, redhat, unix

advisories | CVE-2021-33515

SHA-256 | c96d5111f5070a5af8936a5b285732d58b1ba5c094025f86d272acb9af844c39

Download | Favorite | View

Gentoo Linux Security Advisory 202107-41

Posted Jul 19, 2021

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-41 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in a Denial of Service condition. Versions less than 2.3.14.1 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2021-29157, CVE-2021-33515

SHA-256 | 921a1009ced664a698c76a058ec91a52208799efb3c4fee94eb16caf0ca9dbed

Download | Favorite | View

Ubuntu Security Notice USN-4993-1

Posted Jun 21, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4993-1 - Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly handled STARTTLS when using the SMTP submission service. A remote attacker could possibly use this issue to inject plaintext commands before STARTTLS negotiation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2021-29157, CVE-2021-33515

SHA-256 | 8070e4ff7c7ad7153e26bd392db955c947c13d14fa02d99a329da78fe2c25836

Download | Favorite | View