vendor: Dovecot
by: SecurityFocus
CVSS: 7.5 HIGH
Denial-of-Service
CWE: 400
Product Name: Dovecot
Affected Version From: 1.1.4
Affected Version To: 1.1.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

Dovecot Remote Denial-of-Service Vulnerability

Dovecot is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted email headers. An attacker can exploit this issue to prevent recipients from accessing their mailboxes. For an exploit to succeed, the IMAP client connecting to Dovecot must use the FETCH ENVELOPE command.

Mitigation:

Ensure that Dovecot is updated to the latest version.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/31997/info

The issue affects Dovecot 1.1.4 and 1.1.5. 

The following invalid message address header is sufficient to trigger this issue:

"From: ("
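
A defensive check for stored mail, added here as an example (it is not code from the advisory or from the Dovecot project): it flags address headers that end inside an unterminated RFC 5322 comment or quoted string, so affected messages can be located and quarantined on a server that has not yet been updated. It generalizes from the single `From: (` sample above; treating other unterminated constructs as suspect is an assumption, and the function names and sample messages are constructed for illustration.

```python
import email
from email import policy

# Headers whose addresses feed the IMAP ENVELOPE structure (RFC 3501).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")

def unterminated_construct(value):
    """Return 'comment' or 'quoted-string' if value ends inside one, else None."""
    depth = 0          # comments may nest, so track depth rather than a flag
    in_quote = False
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and (in_quote or depth):
            i += 2     # quoted-pair: the escaped character is literal
            continue
        if in_quote:
            in_quote = ch != '"'
        elif ch == '"' and depth == 0:
            in_quote = True
        elif ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        i += 1
    if depth:
        return "comment"
    return "quoted-string" if in_quote else None

def scan_message(raw_bytes):
    """Return [(header_name, problem)] for malformed address headers in one message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.compat32)
    findings = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            problem = unterminated_construct(str(value))
            if problem:
                findings.append((name, problem))
    return findings

# Constructed sample messages (not taken from real mail).
SAMPLE_BAD = b"From: (\r\nTo: user@example.com\r\nSubject: test\r\n\r\nbody\r\n"
SAMPLE_OK = b'From: "Doe, J. (ops)" <jd@example.com> (work (main))\r\nTo: user@example.com\r\n\r\nbody\r\n'

if __name__ == "__main__":
    print(scan_message(SAMPLE_BAD))
    print(scan_message(SAMPLE_OK))
```

Run `scan_message` over each message file in a mailbox and review any message it reports before clients issue FETCH ENVELOPE against it.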