Intrusion Prevention

Dovecot.SASL.Authentication.Component.DoS

Description

This indicates an attempt to exploit a Denial of Service vulnerability in SASL authentication component of Dovecot server.
The vulnerability is due to a validation error when the vulnerable software handles a crafted username when processing SASL authentication if auth-policy component has been activated. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

Dovecot Dovecot 2.2.25 through 2.2.26.1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://seclists.org/oss-sec/2016/q4/564

CVE References

CVE-2016-8652