CVE-2019-11499

CVE-2019-11499

Name

CVE-2019-11499

Description

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.dovecot.org/security.html
Product	https://www.dovecot.org/download.html
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html

Type

URI

Vendor Advisory

https://www.dovecot.org/security.html

Product

https://www.dovecot.org/download.html

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:dovecot:dovecot::::::::`	dovecot	>= 2.3.3	<= 2.3.5.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

dovecot

>= 2.3.3

<= 2.3.5.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dovecot	edge-main	2.3.6-r0	None	fixed
dovecot	edge-main	2.3.5.1-r0	None	possibly vulnerable
dovecot	edge-main	2.3.4.1-r0	None	possibly vulnerable
dovecot	3.22-main	2.3.6-r0	None	fixed
dovecot	3.22-main	2.3.5.1-r0	None	possibly vulnerable
dovecot	3.22-main	2.3.4.1-r0	None	possibly vulnerable
dovecot	3.21-main	2.3.6-r0	None	fixed
dovecot	3.21-main	2.3.5.1-r0	None	possibly vulnerable
dovecot	3.21-main	2.3.4.1-r0	None	possibly vulnerable
dovecot	3.20-main	2.3.6-r0	None	fixed
dovecot	3.20-main	2.3.5.1-r0	None	possibly vulnerable
dovecot	3.20-main	2.3.4.1-r0	None	possibly vulnerable
dovecot	3.19-main	2.3.6-r0	None	fixed
dovecot	3.19-main	2.3.5.1-r0	None	possibly vulnerable
dovecot	3.19-main	2.3.4.1-r0	None	possibly vulnerable
dovecot	3.18-main	2.3.6-r0	None	fixed
dovecot	3.17-main	2.3.6-r0	None	fixed
dovecot	3.12-main	2.3.6-r0	None	fixed
dovecot	3.11-main	2.3.6-r0	None	fixed
dovecot	3.10-main	2.3.6-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

dovecot

edge-main

2.3.6-r0

None

fixed

dovecot

edge-main