Critical Vulnerability in Dovecot IMAP Server

The corrective releases of the Dovecot POP3/IMAP4 server, 2.3.7.2 and 2.2.36.4, and of the Pigeonhole add-on, 0.5.7.2 and 0.4.24.2, fix a critical vulnerability (CVE-2019-11500) that allows data to be written outside the allocated buffer by sending a specially crafted request over the IMAP or ManageSieve protocol.

The problem can be exploited before authentication. A working exploit has not yet been produced, but the Dovecot developers do not rule out that the vulnerability could be used for remote code execution on the system or for leaking confidential data. All users are advised to install the updates urgently (Debian, Fedora, Arch Linux, Ubuntu, SUSE, RHEL, FreeBSD).

The vulnerability lies in the IMAP and ManageSieve protocol parsers and is caused by incorrect handling of NUL characters when parsing data inside quoted strings. It allows arbitrary data to be written to objects located outside the allocated buffer (before authentication up to 8 KB can be overwritten, after authentication up to 64 KB).
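The bug class described above, a parser that mishandles an embedded NUL inside an IMAP quoted string, is easiest to avoid when the parser carries an explicit input length, never trusts a terminating NUL, and bounds-checks every write. The following is an added illustration, not Dovecot's code; the function names, the result codes and the small output buffer are assumptions made for the example, and the quoted-string grammar (escapes limited to `\"` and `\\`, no NUL, CR or LF) follows RFC 3501.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical example parser (not Dovecot's). Result codes chosen for
 * this illustration. */
enum qs_result {
    QS_OK = 0,         /* a complete quoted string was decoded           */
    QS_NEED_MORE = 1,  /* input ends before the closing quote            */
    QS_INVALID = 2,    /* NUL, CR, LF or a bad escape inside the string  */
    QS_TOO_LONG = 3    /* decoded string would not fit in the buffer     */
};

/* Decode one IMAP quoted string from in[0..in_len) into out[0..out_cap).
 * in_len is the explicit length of the received bytes: the parser never
 * calls strlen() or stops at a NUL, so an embedded NUL is seen as data
 * and rejected instead of silently truncating a length computation while
 * a later copy keeps going. Every write to out is preceded by a capacity
 * check, so the decoded length can never exceed out_cap. */
enum qs_result parse_quoted_string(const uint8_t *in, size_t in_len,
                                   uint8_t *out, size_t out_cap,
                                   size_t *out_len, size_t *consumed)
{
    size_t i, o = 0;

    if (in_len == 0 || in[0] != '"')
        return QS_INVALID;

    for (i = 1; i < in_len; ) {
        uint8_t c = in[i];

        if (c == '"') {                 /* closing quote: done */
            *out_len = o;
            *consumed = i + 1;
            return QS_OK;
        }
        if (c == '\\') {                /* quoted-specials: \" or \\ only */
            if (i + 1 >= in_len)
                return QS_NEED_MORE;
            c = in[i + 1];
            if (c != '"' && c != '\\')
                return QS_INVALID;
            i += 2;
        } else {
            if (c == 0 || c == '\r' || c == '\n')
                return QS_INVALID;      /* not permitted inside "..." */
            i += 1;
        }
        if (o >= out_cap)               /* bounds check before the write */
            return QS_TOO_LONG;
        out[o++] = c;
    }
    return QS_NEED_MORE;                /* no closing quote seen yet */
}

/* Convenience wrappers with a constructed 8-byte output buffer, so the
 * behaviour on each input class can be checked with a single call. */
enum qs_result qs_check(const uint8_t *in, size_t in_len)
{
    uint8_t buf[8];
    size_t out_len = 0, consumed = 0;
    return parse_quoted_string(in, in_len, buf, sizeof buf, &out_len, &consumed);
}

/* Returns the decoded length, or -1 if the string was not accepted. */
long qs_decoded_len(const uint8_t *in, size_t in_len)
{
    uint8_t buf[8];
    size_t out_len = 0, consumed = 0;
    if (parse_quoted_string(in, in_len, buf, sizeof buf, &out_len, &consumed) != QS_OK)
        return -1;
    return (long)out_len;
}

int main(void)
{
    /* Constructed sample inputs; the third one carries an embedded NUL. */
    static const uint8_t plain[] = "\"hello\"";
    static const uint8_t escaped[] = "\"a\\\"b\"";
    static const uint8_t with_nul[] = { '"', 'a', 'b', 0, 'c', 'd', '"' };
    static const uint8_t partial[] = "\"abc";
    static const uint8_t too_long[] = "\"123456789\"";

    printf("plain:    %d\n", qs_check(plain, 7));      /* 0 = QS_OK */
    printf("escaped:  %ld\n", qs_decoded_len(escaped, 6));
    printf("with NUL: %d\n", qs_check(with_nul, 7));   /* 2 = QS_INVALID */
    printf("partial:  %d\n", qs_check(partial, 4));    /* 1 = QS_NEED_MORE */
    printf("too long: %d\n", qs_check(too_long, 11));  /* 3 = QS_TOO_LONG */
    return 0;
}
```

The design point is that the input length and the output capacity are both explicit parameters and are consulted on every iteration; a parser that derives either of them from a NUL-terminated view of the data can be made to disagree with itself by a NUL placed inside the quotes, which is the kind of mismatch that turns into an out-of-bounds write.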

According to Red Hat engineers, using the problem in real attacks is difficult because the attacker cannot control where in the heap the arbitrary overwrite lands. In response, the opinion has been expressed that this only significantly complicates the attack but does not rule it out: the attacker can repeat the exploitation attempt many times until it hits a usable region of the heap.

Source: opennet.ru