dovecot: remote DoS via an incomplete SSL/TLS handshake (CVE-2014-3430)
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
•MLIST:[Dovecot-news] 20140511 v2.2.13 released
•URL: http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html
•MLIST:[dovecot] 20140508 Denial of Service attacks against Dovecot
v1.1+
•URL: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
•MLIST:[oss-security] 20140509 CVE request: Denial of Service attacks
against Dovecot v1.1+
•URL: http://www.openwall.com/lists/oss-security/2014/05/09/4
•MLIST:[oss-security] 20140509 Re: CVE request: Denial of Service
attacks against Dovecot v1.1+
•URL: http://www.openwall.com/lists/oss-security/2014/05/09/8
•UBUNTU:USN-2213-1
•URL: http://www.ubuntu.com/usn/USN-2213-1
•BID:67306
•URL: http://www.securityfocus.com/bid/67306
(from redmine: issue id 2956, created on 2014-05-23, closed on 2014-06-10)
- Relations:
- child #2957 (closed)
- child #2958 (closed)
- child #2959 (closed)