<!DOCTYPE html> <html prefix="og: http://ogp.me/ns#" lang="en"> <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="da52fc49-8e48-42b7-9ad3-c219404f6f92" async type="text/javascript"></script> <head itemscope itemtype="https://docs.cpanel.net/"> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /><title itemprop="name">CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files | cPanel & WHM Documentation</title> <meta property="og:title" content="CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files | cPanel & WHM Documentation" /> <meta name="twitter:title" content="CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files | cPanel & WHM Documentation" /> <meta itemprop="name" content="CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files | cPanel & WHM Documentation" /> <meta name="application-name" content="CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files | cPanel & WHM Documentation" /> <meta property="og:site_name" content="cPanel & WHM Documentation" /> <meta name="description" content="We were made aware of a CVE in Dovecot Versions 2.0.14 - 2.3.5 that involves using Solr on Thursday, March 28th 2019." /> <meta itemprop="description" content="We were made aware of a CVE in Dovecot Versions 2.0.14 - 2.3.5 that involves using Solr on Thursday, March 28th 2019." /> <meta property="og:description" content="We were made aware of a CVE in Dovecot Versions 2.0.14 - 2.3.5 that involves using Solr on Thursday, March 28th 2019." /> <meta name="twitter:description" content="We were made aware of a CVE in Dovecot Versions 2.0.14 - 2.3.5 that involves using Solr on Thursday, March 28th 2019." 
/> <base href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/"> <link rel="canonical" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/" itemprop="url" /> <meta name="url" content="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/" /> <meta name="twitter:url" content="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/" /> <meta property="og:url" content="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/" /> <meta property="og:locale" content="en"> <meta name="language" content="English"> <link rel="alternate" hreflang="en" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/" title="English"> <link rel="sitemap" type="application/xml" title="Sitemap" href="https://docs.cpanel.net/sitemap.xml" /> <meta name='zd-site-verification' content='52kvy6fgdxk6v2yn98k0by' /> <meta property="og:type" content="article" /> <meta name="news_keywords" content="[security]" /> <meta property="article:section" content="[security]" /> <script defer type="application/ld+json"> { "@context": "http://schema.org", "@type": "Article", "headline": "CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files", "author": { "@type": "Person", "name": "" }, "datePublished": "0001-01-01", "description": "We were made aware of a CVE in Dovecot Versions 2.0.14 - 2.3.5 that involves using Solr on Thursday, March 28th 2019.", "wordCount": 433 , "mainEntityOfPage": "True", "dateModified": "2022-12-02", "image": { "@type": "imageObject", "url": "" }, "publisher": { "@type": "Organization", "name": "cPanel \u0026 WHM Documentation", "logo": { "@type": "imageObject", "url": "https://www.example.com/images/brand/favicon.png" } } } </script> <link rel=icon href=https://docs.cpanel.net/img/favicon.png> <link 
href="https://fonts.googleapis.com/css?family=Montserrat:400,700,800|Open+Sans:400,700,800" rel="stylesheet"> <link href="https://docs.cpanel.net/css/fontawesome_all.min.css" rel="stylesheet"> <link rel="stylesheet" href="https://docs.cpanel.net/css/bootstrap-css/bootstrap.min.css"> <link rel="stylesheet" href="https://docs.cpanel.net/css/prism_dark.min.css"> <link rel="stylesheet" href="https://docs.cpanel.net/sass/main.min.css"> <script data-cookieconsent="ignore" src="https://docs.cpanel.net/js/jquery-3.4.1.min.js"></script> <script src="https://docs.cpanel.net/js/popper-1.16.0.min.js"></script> <script src="https://docs.cpanel.net/js/bootstrap-js/bootstrap.bundle.min.js"></script> <script src="https://docs.cpanel.net/js/search.js"></script> <script src="https://docs.cpanel.net/js/prism.min.js" ></script> <body>
<div id="content"> <div class="article-container container-fluid"><div class="row"> <div class="d-none d-md-block col-md-3"> <aside class="side-nav sticky"> <h4 class="mt-1">Table of Contents</h4> <div class="table-of-contents-wrapper"> <ul class="toc-list"> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#background-information"> <li>Background Information</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#releases"> <li>Releases</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#impact"> <li>Impact</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#how-to-determine-if-your-server-is-up-to-date"> <li>How to determine if your server is up to date</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#mitigation"> <li>Mitigation</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#official-upstream-security-report"> <li>Official Upstream Security Report</li> </a> <hr /> </ul> </div> </aside> </div>
<div class="d-xs-block d-md-none col-md-3"> <aside class="side-nav sticky"> <a class="link" data-toggle="collapse" href="#table-of-contents-toggle" role="button" aria-expanded="false" aria-controls="table-of-contents-toggle"> <h4 class="mt-1">Table of Contents</h4> </a> <div class="collapse" id="table-of-contents-toggle"> <div class="table-of-contents-wrapper"> <ul class="toc-list"> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#background-information"> <li>Background Information</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#releases"> <li>Releases</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#impact"> <li>Impact</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#how-to-determine-if-your-server-is-up-to-date"> <li>How to determine if your server is up to date</li> </a>
<hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#mitigation"> <li>Mitigation</li> </a> <hr /> <a class="bigger-TOC" href="https://docs.cpanel.net/knowledge-base/important-notices/cve-2019-7524-buffer-overflow/#official-upstream-security-report"> <li>Official Upstream Security Report</li> </a> <hr /> </ul> </div> </div> </aside> </div> <div class="col-md-9"> <div class="flex-column flex-md-row article-header"> <div style="display:flex;align-items:center;padding-bottom:10px"><h2 style="padding-right:10px;">CVE 2019 7524 Buffer overflow when reading extension header from Dovecot index files</h2></div> </div> <p>Last modified: <em>2022 December 2</em></p> <hr /> <h2 id="background-information">Background Information</h2> <p>On Thursday, March 28th 2019, we were made aware of a CVE in Dovecot versions 2.0.14 - 2.3.5 that involves using Solr.</p> <h2 id="releases">Releases</h2> <ul> <li>70 — 70.0.68</li> <li>76 — EOL</li> <li>78 — 78.0.20</li> <li>CURRENT — 78.0.20</li> <li>RELEASE — 78.0.20</li> <li>STABLE — 78.0.20</li> </ul> <h2 id="impact">Impact</h2> <p>According to the vendor, the risk is local <code>root</code> privilege escalation or arbitrary code execution in the context of the Dovecot process. The vendor's report (reproduced in full below) adds that this requires the ability to directly modify Dovecot index files.</p> <p>The following lines in <code>dovecot.conf</code> are affected: <div class="highlight"><div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2 </span></code></pre></td> <td 
style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a6e22e">dovecot</span>.<span style="color:#a6e22e">conf</span>: <span style="color:#a6e22e">mail_plugins</span> = <span style="color:#a6e22e">quota</span> <span style="color:#a6e22e">quota_clone</span> <span style="color:#a6e22e">zlib</span> <span style="color:#a6e22e">fts</span> <span style="color:#a6e22e">fts_solr</span> </span></span><span style="display:flex;"><span><span style="color:#a6e22e">dovecot</span>.<span style="color:#a6e22e">conf</span>: <span style="color:#a6e22e">mail_plugins</span> = <span style="color:#960050;background-color:#1e0010">$</span><span style="color:#a6e22e">mail_plugins</span> <span style="color:#a6e22e">zlib</span> <span style="color:#a6e22e">imap_zlib</span> <span style="color:#a6e22e">quota_clone</span> <span style="color:#a6e22e">virtual</span> <span style="color:#a6e22e">fts</span> <span style="color:#a6e22e">fts_solr</span></span></span></code></pre></td></tr></table> </div> </div></p> <h2 id="how-to-determine-if-your-server-is-up-to-date">How to determine if your server is up to date</h2> <p>The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. 
You can check for this changelog entry with the following command:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-perl" data-lang="perl"><span style="display:flex;"><span>rpm <span style="color:#f92672">-</span><span style="color:#e6db74">q --changelog </span>dovecot <span style="color:#f92672">|</span> grep CVE<span style="color:#f92672">-</span><span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">7524</span></span></span></code></pre></div> <p>This should give you output resembling the following:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-perl" data-lang="perl"><span style="display:flex;"><span><span style="color:#f92672">-</span> Patch <span style="color:#66d9ef">for</span> CVE<span style="color:#f92672">-</span><span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">7524</span></span></span></code></pre></div> <p>If the command prints nothing, the installed <code>dovecot</code> RPM has no changelog entry for this CVE and should be treated as unpatched.</p> <h2 id="mitigation">Mitigation</h2> <p>Dovecot Solr is an opt-in plugin that can be installed from the <em>Manage Plugins</em> interface of WHM.</p> <p>If you have previously installed this plugin, we recommend uninstalling it from your cPanel & WHM server until we have released patched versions.</p> <p>To uninstall, navigate to WHM’s <a href="https://docs.cpanel.net/whm/cpanel/manage-plugins"><em>Manage Plugins</em></a> interface (<em>WHM » Home » cPanel » Manage Plugins</em>) and uninstall Solr.</p> <hr> <img style="width:80%" src="https://docs.cpanel.net/img/cve-2019-7524.png" alt="Manage Plugins Solr" /> <hr> <h2 id="official-upstream-security-report">Official Upstream Security Report</h2> <div class="highlight"><div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"> <table 
style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">11 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">12 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">13 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">14 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">15 </span><span 
style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">16 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">17 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">18 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">19 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">20 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">21 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">22 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">23 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">24 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">25 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">26 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">27 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">28 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">29 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">30 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">31 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">32 </span><span 
style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">33 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">34 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">35 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">36 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">37 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">38 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">39 </span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">40 </span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-perl" data-lang="perl"><span style="display:flex;"><span>https:<span style="color:#e6db74">//</span>www<span style="color:#f92672">.</span>dovecot<span style="color:#f92672">.</span>org<span style="color:#e6db74">/pipermail/</span>dovecot<span style="color:#f92672">-</span>news<span style="color:#e6db74">/2019-March/</span><span style="color:#ae81ff">000403</span><span style="color:#f92672">.</span>html </span></span><span style="display:flex;"><span>Product: Dovecot </span></span><span style="display:flex;"><span>Vendor: OX Software GmbH </span></span><span style="display:flex;"><span>Internal reference: DOV<span style="color:#f92672">-</span><span style="color:#ae81ff">2964</span> (Bug ID) </span></span><span style="display:flex;"><span>Vulnerability type: CWE<span style="color:#f92672">-</span><span style="color:#ae81ff">120</span> </span></span><span 
style="display:flex;"><span>Vulnerable version: <span style="color:#ae81ff">2.0.14</span> <span style="color:#f92672">-</span> <span style="color:#ae81ff">2.3.5</span> </span></span><span style="display:flex;"><span>Vulnerable component: fts, pop3<span style="color:#f92672">-</span>uidl<span style="color:#f92672">-</span>plugin </span></span><span style="display:flex;"><span>Report confidence: Confirmed </span></span><span style="display:flex;"><span>Researcher credits: Found in internal testing </span></span><span style="display:flex;"><span>Solution status: Fixed by Vendor </span></span><span style="display:flex;"><span>Fixed version: <span style="color:#ae81ff">2.3.5.1</span>, <span style="color:#ae81ff">2.2.36.3</span> </span></span><span style="display:flex;"><span>Vendor notification: <span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">02</span><span style="color:#f92672">-</span><span style="color:#ae81ff">05</span> </span></span><span style="display:flex;"><span>Solution date: <span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">03</span><span style="color:#f92672">-</span><span style="color:#ae81ff">21</span> </span></span><span style="display:flex;"><span>Public disclosure: <span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">03</span><span style="color:#f92672">-</span><span style="color:#ae81ff">28</span> </span></span><span style="display:flex;"><span>CVE reference: CVE<span style="color:#f92672">-</span><span style="color:#ae81ff">2019</span><span style="color:#f92672">-</span><span style="color:#ae81ff">7524</span> </span></span><span style="display:flex;"><span>CVSS: <span style="color:#ae81ff">3.0</span><span style="color:#e6db74">/AV:L/</span>AC:L<span style="color:#e6db74">/PR:L/</span>UI:N<span style="color:#e6db74">/S:C/</span>C:H<span style="color:#e6db74">/I:H/</span>A:H<span 
style="color:#e6db74">/E:P/</span>RL:O<span style="color:#f92672">/</span>RC:C (<span style="color:#ae81ff">8.8</span>) </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Vulnerability Details: </span></span><span style="display:flex;"><span>When reading FTS <span style="color:#f92672">or</span> POP3<span style="color:#f92672">-</span>UIDL header from dovecot index, the input </span></span><span style="display:flex;"><span>buffer size is <span style="color:#f92672">not</span> bound, <span style="color:#f92672">and</span> data is copied to target structure causing </span></span><span style="display:flex;"><span>stack overflow<span style="color:#f92672">.</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Risk: </span></span><span style="display:flex;"><span>This can be used <span style="color:#66d9ef">for</span> local root privilege escalation <span style="color:#f92672">or</span> executing </span></span><span style="display:flex;"><span>arbitrary code in dovecot process context<span style="color:#f92672">.</span> This requires ability to </span></span><span style="display:flex;"><span>directly modify dovecot indexes<span style="color:#f92672">.</span> </span></span><span style="display:flex;"><span>Steps to reproduce: </span></span><span style="display:flex;"><span>Produce dovecot<span style="color:#f92672">.</span>index<span style="color:#f92672">.</span>log entry that creates an FTS header which has </span></span><span style="display:flex;"><span>more than <span style="color:#ae81ff">12</span> bytes of data<span style="color:#f92672">.</span> </span></span><span style="display:flex;"><span>Trigger dovecot indexer<span style="color:#f92672">-</span>worker <span style="color:#f92672">or</span> run doveadm index<span style="color:#f92672">.</span> </span></span><span style="display:flex;"><span>Dovecot will crash<span style="color:#f92672">.</span> </span></span><span 
style="display:flex;"><span> </span></span><span style="display:flex;"><span>Mitigations: </span></span><span style="display:flex;"><span>Since <span style="color:#ae81ff">2.3.0</span> dovecot has been compiled with stack smash protection, ASLR, </span></span><span style="display:flex;"><span>read<span style="color:#f92672">-</span>only GOT tables <span style="color:#f92672">and</span> other techniques that make exploiting this bug </span></span><span style="display:flex;"><span>much harder<span style="color:#f92672">.</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Solution: </span></span><span style="display:flex;"><span>Operators should update to the latest Patch Release<span style="color:#f92672">.</span> The only workaround </span></span><span style="display:flex;"><span>is to disable FTS <span style="color:#f92672">and</span> pop3<span style="color:#f92672">-</span>uidl plugin<span style="color:#f92672">.</span></span></span></code></pre></td></tr></table> </div> </div> </div> </div> <section class="mt-5"> <h4>Additional Documentation</h4> <hr> <div class="additional-documentation"> <ul> <li> <a href="https://docs.cpanel.net/whm/security-center/apache-mod_userdir-tweak/">Apache mod_userdir Tweak</a> </li> <li> <a href="https://docs.cpanel.net/whm/security-center/compiler-access/">Compiler Access</a> </li> <li> <a href="https://docs.cpanel.net/whm/security-center/configure-security-policies/">Configure Security Policies</a> </li> <li> <a href="https://docs.cpanel.net/cpanel/files/directory-privacy/">Directory Privacy</a> </li> <li> <a href="https://docs.cpanel.net/whm/ssl-tls/generate-an-ssl-certificate-and-signing-request/">Generate an SSL Certificate and Signing Request</a> </li> <li> <a href="https://docs.cpanel.net/knowledge-base/cpanel-product/cpanel-glossary/">The cPanel Glossary</a> </li> </ul> </div> </section> </div> </div> <footer class="text-center mt-0"> <div class="container"> <div 
class="row"> </div> </div> </footer></body> </html>