CVE-2020-10957

7.5 HIGH

📋 TL;DR

CVE-2020-10957 is a NULL pointer dereference vulnerability in the Dovecot email server that allows unauthenticated attackers to crash the submission-login, submission, or LMTP services by sending malformed parameters to a NOOP command. This affects Dovecot installations before version 2.3.10.1, potentially causing denial of service for email services.

💻 Affected Systems

Products:
  • Dovecot
Versions: All versions before 2.3.10.1
Operating Systems: All operating systems running Dovecot
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects submission-login, submission, and LMTP services. IMAP and POP3 services are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of email submission services, disrupting email delivery and potentially affecting business operations that rely on email communication.

🟠 Likely Case

Service crashes requiring manual restart, causing temporary email service disruption until services are restored.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable by unauthenticated attackers from the internet if affected services are exposed.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.10.1 and later

Vendor Advisory: https://dovecot.org/security

Restart Required: Yes

Instructions:

1. Backup configuration files.
2. Update Dovecot to version 2.3.10.1 or later using your distribution's package manager.
3. Restart Dovecot services.
4. Verify services are running correctly.

🔧 Temporary Workarounds

Disable vulnerable services (Linux)

Temporarily disable the submission-login, submission, and LMTP services if they are not required:

systemctl stop dovecot-submission
systemctl stop dovecot-lmtp
systemctl disable dovecot-submission
systemctl disable dovecot-lmtp

Network filtering (Linux)

Block access to the submission (587) and LMTP (24) ports from untrusted networks. The rules are inserted at the top of the INPUT chain so they take effect before any existing ACCEPT rules, and exempt a trusted source network; replace TRUSTED_NET/CIDR with your own range (placeholder, not a value from the advisory):

iptables -I INPUT -p tcp --dport 587 ! -s TRUSTED_NET/CIDR -j DROP
iptables -I INPUT -p tcp --dport 24 ! -s TRUSTED_NET/CIDR -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to submission and LMTP services only to trusted sources
  • Deploy intrusion detection systems to monitor for exploitation attempts and implement automated service restart scripts

🔍 How to Verify

Check if Vulnerable:

Check the Dovecot version with 'dovecot --version' and verify whether it is below 2.3.10.1

Check Version:

dovecot --version

Verify Fix Applied:

Verify that the version is 2.3.10.1 or higher with 'dovecot --version' and test email submission functionality
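A small version check, added here as an illustration and not taken from the advisory or the Dovecot project, that parses the output of `dovecot --version` and compares it numerically against 2.3.10.1 (string comparison would wrongly rank 2.3.9 above 2.3.10). It assumes the output begins with a dotted version such as `2.3.10.1 (abcdef123)`, where the hash in parentheses is a constructed sample value.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# First release carrying the fix, per the advisory above.
FIXED_VERSION = (2, 3, 10, 1)


def parse_version(output: str) -> Tuple[int, ...]:
    """Extract the leading dotted version from `dovecot --version` output.

    Output looks like "2.3.10.1 (abcdef123)" (hash is a constructed sample);
    the trailing hash is ignored. Components are compared as integers, and a
    short version such as 2.3.10 is padded to 2.3.10.0 so it sorts below
    2.3.10.1, which is the first fixed release.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", output)
    if not m:
        raise ValueError(f"unrecognised version output: {output!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(output: str) -> bool:
    """True when the reported version predates 2.3.10.1."""
    return parse_version(output) < FIXED_VERSION


def installed_version_output() -> Optional[str]:
    """Run the real binary if present; None when dovecot is not installed."""
    if shutil.which("dovecot") is None:
        return None
    proc = subprocess.run(["dovecot", "--version"], capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    out = installed_version_output()
    if out is None:
        print("dovecot not found in PATH")
    else:
        state = "VULNERABLE (upgrade to 2.3.10.1 or later)" if is_vulnerable(out) else "fixed"
        print(f"dovecot {out.strip()} -> {state}")
        # Distribution packages may backport the fix without bumping the
        # upstream version string; confirm against your vendor's changelog.
```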

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes in syslog/messages
  • NOOP commands with malformed parameters in Dovecot logs
  • Submission/LMTP service restart patterns

Network Indicators:

  • Multiple NOOP commands to submission/LMTP ports from single sources
  • Traffic patterns indicating service disruption

SIEM Query:

source="dovecot.log" AND ("submission-login" OR "submission" OR "lmtp") AND ("segmentation fault" OR "NULL pointer" OR "crash")
