Vulnerability Name: CVE-2007-6598 (CCN-39342)
Assigned: 2007-12-29
Published: 2007-12-29
Updated: 2018-10-15
Summary: Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
  1.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2007-6598
  Source: MLIST Type: UNKNOWN [Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins
  Source: MLIST Type: UNKNOWN [Dovecot-news] 20071229 v1.0.10 released
  Source: SUSE Type: UNKNOWN SUSE-SR:2008:020
  Source: OSVDB Type: UNKNOWN 39876
  Source: CCN Type: RHSA-2008-0297 Low: dovecot security and bug fix update
  Source: SECUNIA Type: UNKNOWN 28227
  Source: CCN Type: SA28271 Dovecot LDAP Auth Cache Security Bypass
  Source: SECUNIA Type: UNKNOWN 28271
  Source: SECUNIA Type: UNKNOWN 28404
  Source: SECUNIA Type: UNKNOWN 28434
  Source: SECUNIA Type: UNKNOWN 30342
  Source: SECUNIA Type: UNKNOWN 32151
  Source: DEBIAN Type: UNKNOWN DSA-1457
  Source: DEBIAN Type: DSA-1457 dovecot -- programming error
  Source: CCN Type: Dovecot Web site Dovecot
  Source: CCN Type: Dovecot-news Mailing List, Fri Dec 21 00:38:12 EET 2007 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins
  Source: CCN Type: OSVDB ID: 39876 Dovecot LDAP Auth Cache Security Bypass
  Source: REDHAT Type: UNKNOWN RHSA-2008:0297
  Source: BUGTRAQ Type: UNKNOWN 20080103 rPSA-2008-0001-1 dovecot
  Source: BUGTRAQ Type: UNKNOWN 20080103 Re: rPSA-2008-0001-1 dovecot
  Source: BID Type: UNKNOWN 27093
  Source: CCN Type: BID-27093 Dovecot Authentication Cache Security Bypass Vulnerability
  Source: CCN Type: USN-567-1 Dovecot vulnerability
  Source: UBUNTU Type: UNKNOWN USN-567-1
  Source: VUPEN Type: UNKNOWN ADV-2008-0017
  Source: XF Type: UNKNOWN dovecot-ldap-security-bypass(39342)
  Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-2076
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10458
  Source: SUSE Type: SUSE-SR:2008:020 SUSE Security Summary Report
Vulnerable Configuration:
  Configuration 1:
  Configuration RedHat 1:
  Configuration RedHat 2:
  Configuration RedHat 3:
  Denotes that component is vulnerable