[VIM] Dovecot 'LIST' Command Denial of Service Vulnerability
Dinesh Theerthagiri
Dinesh_Theerthagiri at symantec.com
Thu Aug 15 04:13:55 CDT 2013
Henri and George,
We looked at Timo's reply http://openwall.com/lists/oss-security/2013/08/14/6 , it don't have security impact.
On this confirmation we have retired BID 61763.
Thanks for Henri and George for correcting us.
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Henri Salo
Sent: 15 August 2013 10:46
To: Vulnerability Information Managers
Subject: Re: [VIM] Dovecot 'LIST' Command Denial of Service Vulnerability
On Wed, Aug 14, 2013 at 11:25:18AM -0700, Dinesh Theerthagiri wrote:
> You are right BID 61763 has a wrong CVE number (CVE-2013-2111). Now we corrected by removing the CVE number.
>
> We consider 'LIST' command as DOS vulnerability because of below reference:
> http://www.dovecot.org/list/dovecot-news/2013-August/000261.html
>
> Thanks,
> T.Dinesh
Please see Timo's reply in oss-security http://openwall.com/lists/oss-security/2013/08/14/6
I don't think this requires CVE or other security vulnerability handling.
---
Henri Salo
More information about the VIM
mailing list