Univention Bugzilla – Bug 57530
dovecot CVE-2024-23185 CVE-2024-23184
Last modified: 2024-09-09 19:04:08 CEST
The dovecot version served with UCS 5.0 has different bugs that allow easy DoS situations with manipulated mails until version 2.3.21.1. This version is currently not available on UCS.
Further information on the bugs:
* https://www.openwall.com/lists/oss-security/2024/08/15/4
* https://www.openwall.com/lists/oss-security/2024/08/15/3
* https://security-tracker.debian.org/tracker/CVE-2024-23184
* https://security-tracker.debian.org/tracker/CVE-2024-23185
The original report at https://dovecot.org/mailman3/hyperkitty/list/dovecot@dovecot.org/thread/TEVOFHCKWZW62C6NAM25S3K7CL6KUL2J/ says "Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. ..." vsz_limits are set to 256M by default in UCS. The relevant Postfix limits (header_size_limit and header_address_token_limit) are set to 10240, and message_size_limit can be controlled by the UCRV mail/messagesizelimit, which is usually set way beyond vsz_limit.
Of course the last words in my comment should read "below vsz_limit" instead of "beyond vsz_limit" and indicate that it will be hard to send a message through Postfix to Dovecot which addresses the vulnerability.
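The comparison the two comments above reason about (is the Postfix message_size_limit below Dovecot's vsz_limit, so that a message large enough to hit the Dovecot limit is refused by the MTA first?) as a small check script. This is an added example, not code from the bug report, Univention, Postfix or Dovecot. It assumes postconf and doveconf are on PATH, that UCS sets the limit via Dovecot's default_vsz_limit setting (assumption; a per-service vsz_limit would need its own query), and that on UCS the templated main.cf reflects the UCRV mail/messagesizelimit, so postconf shows the effective value. Where the tools are missing it falls back to constructed sample values.

```shell
#!/bin/sh
# Added example: compare Postfix message_size_limit with Dovecot's vsz_limit.
# Not part of the bug report or any vendor code; sample values are constructed.

# Convert a Dovecot size string ("256M", "256 MB", "1G", "10240") to bytes.
# Dovecot size units are 1024-based; a trailing "B" is optional.
size_to_bytes() {
    v=$(printf '%s' "$1" | tr -d ' ' | tr 'a-z' 'A-Z')   # "256 mB" -> "256MB"
    num=${v%%[!0-9]*}                                   # leading digits only
    [ -n "$num" ] || { echo "no number in '$1'" >&2; return 1; }
    unit=${v#"$num"}                                    # e.g. "MB"
    unit=${unit%B}                                      # strip optional B -> "M"
    case "$unit" in
        '') mult=1 ;;
        K)  mult=1024 ;;
        M)  mult=1048576 ;;
        G)  mult=1073741824 ;;
        T)  mult=1099511627776 ;;
        *)  echo "unknown size unit in '$1'" >&2; return 1 ;;
    esac
    echo $((num * mult))
}

# Exit 0 when the Postfix byte limit is strictly below the Dovecot limit
# (the situation the follow-up comment describes: an oversize message is
# rejected by Postfix before Dovecot parses it), 1 otherwise, 2 on bad input.
# Arguments: message_size_limit in bytes, vsz_limit as a Dovecot size string.
limit_is_below_vsz() {
    msl=$1
    vsz=$(size_to_bytes "$2") || return 2
    [ "$msl" -lt "$vsz" ]
}

# Live value from Postfix where available (on UCS this is what the UCRV
# mail/messagesizelimit ends up as); otherwise a constructed sample value.
live_message_size_limit() {
    if command -v postconf >/dev/null 2>&1; then
        postconf -h message_size_limit
    else
        echo 10240000           # constructed sample value
    fi
}

# Live value from Dovecot where available (assumption: UCS uses
# default_vsz_limit); otherwise the 256M quoted in the bug, as a sample.
live_vsz_limit() {
    if command -v doveconf >/dev/null 2>&1; then
        doveconf -h default_vsz_limit
    else
        echo 256M               # constructed sample value
    fi
}

main() {
    msl=$(live_message_size_limit)
    vsz=$(live_vsz_limit)
    if limit_is_below_vsz "$msl" "$vsz"; then
        echo "ok: message_size_limit=$msl < vsz_limit=$vsz ($(size_to_bytes "$vsz") bytes)"
    else
        echo "warn: message_size_limit=$msl is not below vsz_limit=$vsz;" \
             "Postfix would accept messages large enough to reach the Dovecot limit"
    fi
}

main "$@"
```

Run it on the mail server as a user that may read the Postfix and Dovecot configuration; the "warn" branch is the case the first comment originally worried about, and the "ok" branch is the corrected reading in the follow-up.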
*** This bug has been marked as a duplicate of bug 57570 ***