Описание
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1:2.2.9-1ubuntu2 |
| devel | not-affected | 1:2.2.9-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 1:2.2.9-1ubuntu2 |
| esm-infra/xenial | not-affected | 1:2.2.9-1ubuntu2 |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | not-affected | 1:2.0.19-0ubuntu2.4 |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
Показывать по
5.8 Medium
CVSS2
Связанные уязвимости
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
5.8 Medium
CVSS2