CVE-2007-6598 - Permissions, Privileges, and Access Control vulnerability in Dovecot 1.0.9

Publication

2008-01-04

Last modification

2018-10-15

Summary

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

Description

Dovecot is prone to a security-bypass vulnerability. An attacker may exploit this condition to bypass certain security restrictions and obtain potentially sensitive data; other attacks are also possible.

Please note that default configurations of Dovecot are not affected by this issue. The chances of attack are further reduced because Dovecot must be configured in a specific way, making exploits highly circumstantial.

Versions higher than Dovecot 1.0.rc11 and prior to Dovecot 1.0.10 are vulnerable to this issue.

Solution

The vendor released an update to address this issue. Please see the references for more information.

The fixed release for each of the following versions is dovecot-1.0.10.tar.gz (http://dovecot.org/releases/1.0/dovecot-1.0.10.tar.gz):

  • Dovecot 1.0.RC11
  • Dovecot 1.0
  • Dovecot 1.0.RC15
  • Dovecot 1.0.RC14
  • Dovecot 1.0.RC12
  • Dovecot 1.0.RC13
  • Dovecot 1.0.3
  • Dovecot 1.0.4
  • Dovecot 1.0.5
  • Dovecot 1.0.6
  • Dovecot 1.0.7
  • Dovecot 1.0.8
  • Dovecot 1.0.9

Exploit

An attacker can exploit this issue using standard client applications.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)

Medium

6.8

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • Partial

Vendor comments

  • Joshua Bressers - Red Hat (2008-05-21)
    This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux before version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html

OVAL definition

{
    "accepted": "2013-04-29T04:05:51.165-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Aharon Chernin",
            "organization": "SCAP.com, LLC"
        },
        {
            "name": "Dragos Prisaca",
            "organization": "G2, Inc."
        }
    ],
    "definition_extensions": [
        {
            "comment": "The operating system installed on the system is Red Hat Enterprise Linux 5",
            "oval": "oval:org.mitre.oval:def:11414"
        },
        {
            "comment": "The operating system installed on the system is CentOS Linux 5.x",
            "oval": "oval:org.mitre.oval:def:15802"
        },
        {
            "comment": "Oracle Linux 5.x",
            "oval": "oval:org.mitre.oval:def:15459"
        }
    ],
    "description": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.",
    "family": "unix",
    "id": "oval:org.mitre.oval:def:10458",
    "status": "accepted",
    "submitted": "2010-07-09T03:56:16-04:00",
    "title": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.",
    "version": "19"
}

Affected Products

Vendor Product Versions
Dovecot Dovecot  1.0.9