FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- Dovecot DoS when passdb dict was used for authentication

Affected packages
2.2.25_6 < dovecot < 2.2.29
2.2.25_6 < dovecot2 < 2.2.29

Details

VuXML ID a8c8001b-216c-11e7-80aa-005056925db4
Discovery 2016-12-01
Entry 2017-04-30

Timo Sirainen reports:

passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS.
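The bug class named in the report, as an added example that is not Dovecot's code and not part of the advisory: a toy `%`-variable expander showing what changes when an already-expanded key is expanded a second time. The expander, the function names, the key template and the variables `u` and `h` are all assumptions constructed for illustration.

```python
import re

_TOKEN = re.compile(r"%(.)")

def expand(template, variables):
    """One expansion pass of a toy %-variable syntax (not Dovecot's var_expand).

    %x is replaced by variables["x"], %% yields a literal %, and an
    unknown variable raises KeyError.
    """
    def substitute(match):
        name = match.group(1)
        if name == "%":
            return "%"
        if name not in variables:
            raise KeyError("unknown variable %" + name)
        return variables[name]
    return _TOKEN.sub(substitute, template)

def key_single_expanded(template, variables):
    # Corrected pattern: the template is expanded exactly once, so text that
    # came from the client stays data and is never parsed as a template.
    return expand(template, variables)

def key_double_expanded(template, variables):
    # Flawed pattern: the result of the first pass already contains the
    # client-supplied username, and it is fed to the expander again.
    return expand(expand(template, variables), variables)

def username_reaches_expander(template, variables):
    """True when the two patterns disagree (or the second pass fails),
    i.e. when client input was interpreted by the expander."""
    once = key_single_expanded(template, variables)
    try:
        return key_double_expanded(template, variables) != once
    except KeyError:
        return True

# Constructed sample: a hypothetical dict key template and login values.
KEY_TEMPLATE = "shared/passdb/%u"
ORDINARY = {"u": "alice", "h": "10.0.0.5"}
CRAFTED = {"u": "alice%h", "h": "10.0.0.5"}   # username carries a %variable
UNKNOWN = {"u": "bob%z", "h": "10.0.0.5"}     # username names an undefined variable
```

With single expansion the crafted username ends up in the key verbatim; with double expansion the server-side value of `h` is substituted into it, and the undefined variable reaches the expander's error path.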

References

CVE Name CVE-2017-2669
Message https://dovecot.org/list/dovecot-news/2017-April/000341.html
Message https://dovecot.org/list/dovecot-news/2017-April/000342.html