dovecot: Multiple vulnerabilities (CVE-2020-25275, CVE-2020-24386)
CVE-2020-25275: MIME parsing crash
Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100.
Vulnerable version: 2.3.11-2.3.11.3
Fixed version: 2.3.13
References:
- https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
- https://www.openwall.com/lists/oss-security/2021/01/04/3
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server.
Vulnerable version: 2.2.26-2.3.11.3
Fixed version: 2.3.13
References:
- https://www.openwall.com/lists/oss-security/2021/01/04/4
- https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html