[VIM] Dovecot 'LIST' Command Denial of Service Vulnerability
Dinesh Theerthagiri
Dinesh_Theerthagiri at symantec.com
Wed Aug 14 13:25:18 CDT 2013
Hey,
You are right BID 61763 has a wrong CVE number (CVE-2013-2111). Now we corrected by removing the CVE number.
We consider 'LIST' command as DOS vulnerability because of below reference:
http://www.dovecot.org/list/dovecot-news/2013-August/000261.html
Thanks,
T.Dinesh
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: 14 August 2013 23:22
To: Vulnerability Information Managers
Subject: [VIM] Dovecot 'LIST' Command Denial of Service Vulnerability
Narayan / Venkat / Rob : Why does the newly issued BID 61763 reference CVE-2013-2111? According to http://www.openwall.com/lists/oss-security/2013/05/24/1, that CVE was assigned for the APPEND parameter DoS fixed in Dovecot 2.2.2 and is referenced already in BID 60052.
Also, is this new BID even for an issue that's a vulnerability? See, for example, http://www.openwall.com/lists/oss-security/2013/08/14/6.
George
--
theall at tenable.com
More information about the VIM
mailing list