CVE Vulnerabilities

CVE-2013-6171

Improper Authentication

Published: Dec 09, 2013 | Modified: Mar 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.2.1 2.2.1
Dovecot Dovecot 2.2.3 2.2.3
Dovecot Dovecot 2.1.4 2.1.4
Dovecot Dovecot 2.1.0 2.1.0
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.1.3 2.1.3
Dovecot Dovecot 2.0.9 2.0.9
Dovecot Dovecot 2.0 2.0
Dovecot Dovecot 2.1.13 2.1.13
Dovecot Dovecot 2.1.14 2.1.14
Dovecot Dovecot 2.1.6 2.1.6
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.1.10 2.1.10
Dovecot Dovecot 2.0.14 2.0.14
Dovecot Dovecot 2.0.7 2.0.7
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.0.12 2.0.12
Dovecot Dovecot 2.0.4 2.0.4
Dovecot Dovecot 2.1.12 2.1.12
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.0.2 2.0.2
Dovecot Dovecot 2.2.4 2.2.4
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.0.1 2.0.1
Dovecot Dovecot 2.2.0 2.2.0
Dovecot Dovecot 2.0.10 2.0.10
Dovecot Dovecot 2.0.11 2.0.11
Dovecot Dovecot 2.0.13 2.0.13
Dovecot Dovecot 2.1.1 2.1.1
Dovecot Dovecot 2.0.8 2.0.8
Dovecot Dovecot 2.0.3 2.0.3
Dovecot Dovecot 2.1.7 2.1.7
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.2 2.2
Dovecot Dovecot 2.1.15 2.1.15
Dovecot Dovecot * 2.2.6
Dovecot Dovecot 2.0.0 2.0.0
Dovecot Dovecot 2.1.5 2.1.5
Dovecot Dovecot 2.2.5 2.2.5
Dovecot Dovecot 2.0.15 2.0.15
Dovecot Dovecot 2.1 2.1
Dovecot Dovecot 2.1.2 2.1.2
Dovecot Dovecot 2.0.5 2.0.5
Dovecot Dovecot 2.2.2 2.2.2
Dovecot Dovecot 2.0.6 2.0.6
Dovecot Dovecot 2.1.11 2.1.11
Dovecot Dovecot 2.2 2.2

Potential Mitigations

References