CVE-2013-6171 – Ubuntu Security Notice USN-3556-2

https://notcve.org/view.php?id=CVE-2013-6171

09 Dec 2013 — checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. checkpassword-reply en Dovecot anteriores a 2.2.7 ejecuta operaciones setuid a usuarios que se están autenticando, lo cual permite a usuarios locales sortear la autenticación y accede... • http://cpanel.net/tsr-2013-0010-full-disclosure • CWE-287: Improper Authentication •