Описание
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-1218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41085
- https://issues.rpath.com/browse/RPL-2341
- https://usn.ubuntu.com/593-1
- https://www.exploit-db.com/exploits/5257
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
- http://secunia.com/advisories/29226
- http://secunia.com/advisories/29295
- http://secunia.com/advisories/29364
- http://secunia.com/advisories/29385
- http://secunia.com/advisories/29396
- http://secunia.com/advisories/29557
- http://secunia.com/advisories/32151
- http://security.gentoo.org/glsa/glsa-200803-25.xml
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108
- http://www.debian.org/security/2008/dsa-1516
- http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
- http://www.dovecot.org/list/dovecot-news/2008-March/000065.html
- http://www.securityfocus.com/archive/1/489481/100/0/threaded
- http://www.securityfocus.com/bid/28181
EPSS
CVE ID
Связанные уязвимости
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ...
EPSS