Debian Security Advisory DSA 2954-1 (dovecot - Security Update) Network Vulnerability

Summary

It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 1:2.1.7-7+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1:2.2.13~rc1-1. For the unstable distribution (sid), this problem has been fixed in version 1:2.2.13~rc1-1. We recommend that you upgrade your dovecot packages.

Affected

dovecot on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2954.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3430

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1022-1 (storebackup)
Debian Security Advisory DSA 055-1 (gftp)
Debian Security Advisory DSA 050-1 (sendfile)
Debian Security Advisory DSA 1071-1 (mysql)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)

Debian Security Advisory DSA 2954-1 (dovecot - security update)

Take action and discover your vulnerabilities