Vulnerability Name: CVE-2013-6171 (CCN-88304)

Assigned: 2013-10-26
Published: 2013-10-26
Updated: 2018-03-16
Summary: checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
Source: MISC
Type: UNKNOWN
http://cpanel.net/tsr-2013-0010-full-disclosure/

Source: MITRE
Type: CNA
CVE-2013-6171

Source: CCN
Type: SA54808
Dovecot checkpassword-reply Security Bypass Security Issue

Source: SECUNIA
Type: Vendor Advisory
54808

Source: CONFIRM
Type: UNKNOWN
http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security

Source: CCN
Type: Dovecot Web site
Dovecot

Source: MLIST
Type: Patch
[Dovecot-news] 20131103 v2.2.7 released

Source: CCN
Type: BID-63367
Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability

Source: XF
Type: UNKNOWN
dovecot-cve20136171-sec-bypass(88304)

Source: UBUNTU
Type: UNKNOWN
USN-3556-2

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6171

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc5:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc6:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1:rc7:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc5:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc6:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2:rc7:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:*:*:*:*:*:*:*:* (Version <= 2.2.6)

Configuration CCN 1:
  • cpe:/a:dovecot:dovecot:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.artful:def:20136171000 | V | CVE-2013-6171 on Ubuntu 17.10 (artful) - low. | 2013-12-09
oval:com.ubuntu.xenial:def:201361710000000 | V | CVE-2013-6171 on Ubuntu 16.04 LTS (xenial) - low. | 2013-12-09
oval:com.ubuntu.precise:def:20136171000 | V | CVE-2013-6171 on Ubuntu 12.04 LTS (precise) - low. | 2013-12-09
oval:com.ubuntu.trusty:def:20136171000 | V | CVE-2013-6171 on Ubuntu 14.04 LTS (trusty) - low. | 2013-12-09
oval:com.ubuntu.xenial:def:20136171000 | V | CVE-2013-6171 on Ubuntu 16.04 LTS (xenial) - low. | 2013-12-09