CVSS: 5.8EPSS: 0%CPEs: 51EXPL: 0CVE-2013-6171
https://notcve.org/view.php?id=CVE-2013-6171
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. checkpassword-reply en Dovecot anteriores a 2.2.7 ejecuta operaciones setuid a usuarios que se están autenticando, lo cual permite a usuarios locales sortear la autenticación y acceder a cuentas de email virtuales adjuntandose al proceso y utilizando un descriptor de fichero restringido para modificar información de la cuenta en la respuesta al servidor dovecot-auth. • http://cpanel.net/tsr-2013-0010-full-disclosure http://secunia.com/advisories/54808 http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security http://www.dovecot.org/list/dovecot-news/2013-November/000264.html https://usn.ubuntu.com/3556-2 • CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4318 – dovecot: proxy destination host name not checked against SSL certificate name
https://notcve.org/view.php?id=CVE-2011-4318
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. Dovecot v2.0.x antes de v2.0.16, cuando ssl o starttls está disponible y hostname se usa para definir la destinación del proxy, que no verifica que el servidor hostname busca el nombre del dominio en el sujeto del Common Name (CN) del certificado X.509, que permite ataques man-in-the middle para burlar los servidores SSL a través de un certificado para un hostname diferente. • http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1 http://rhn.redhat.com/errata/RHSA-2013-0520.html http://secunia.com/advisories/46886 http://secunia.com/advisories/52311 http://www.dovecot.org/list/dovecot-news/2011-November/000200.html http://www.openwall.com/lists/oss-security/2011/11/18/5 http://www.openwall.com/lists/oss-security/2011/11/18/7 https://bugs.gentoo.org/show_bug.cgi?id=390887 https://bugzilla.redhat.com/show_bug.cgi?id=754980 https:/&# • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2011-2166 – dovecot: authenticated remote bypass of intended access restrictions
https://notcve.org/view.php?id=CVE-2011-2166
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script. La secuencia de comandos de inicio de sesión en Dovecot v2.0.x antes de v2.0.13 no sigue la configuración del usuario y grupo, lo que podría permitir a usuarios remotos autenticados eludir las restricciones de acceso destinados al aprovechar una secuencia de comandos. • http://dovecot.org/pipermail/dovecot/2011-May/059085.html http://openwall.com/lists/oss-security/2011/05/18/4 http://rhn.redhat.com/errata/RHSA-2013-0520.html http://secunia.com/advisories/52311 http://www.dovecot.org/doc/NEWS-2.0 http://www.securityfocus.com/bid/48003 https://exchange.xforce.ibmcloud.com/vulnerabilities/67675 https://access.redhat.com/security/cve/CVE-2011-2166 https://bugzilla.redhat.com/show_bug.cgi?id=709095 • CWE-16: Configuration •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2011-2167 – dovecot: directory traversal due to not obeying chroot directive
https://notcve.org/view.php?id=CVE-2011-2167
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script. Las secuencias de comandos de inicio de sesión en Dovecot v2.0.x antes de v2.0.13 no sigue las opciones de configuración de chroot, lo que podría permitir a usuarios remotos autenticados realizar ataques de directorio transversal mediante el aprovechamiento de una secuencia de comandos. • http://dovecot.org/pipermail/dovecot/2011-May/059085.html http://openwall.com/lists/oss-security/2011/05/18/4 http://rhn.redhat.com/errata/RHSA-2013-0520.html http://secunia.com/advisories/52311 http://www.dovecot.org/doc/NEWS-2.0 http://www.securityfocus.com/bid/48003 https://exchange.xforce.ibmcloud.com/vulnerabilities/67674 https://access.redhat.com/security/cve/CVE-2011-2167 https://bugzilla.redhat.com/show_bug.cgi?id=709097 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-3779
https://notcve.org/view.php?id=CVE-2010-3779
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. Dovecot v1.2.x anterior a v1.2.15 y v2.0.x anterior a v2.0.beta2 proporciona permisos de administrador al propietario del cada buzón de correo en un espacio de nombres no público (non-public namespace), lo que podría permitir a usuarios autenticados remotamente evitar resctricciones de acceso intencionadas cambiando el ACL de un buzón de correo, tal y como se demostró con un buzón "symlinked shared" • http://secunia.com/advisories/43220 http://www.dovecot.org/list/dovecot/2010-October/053450.html http://www.dovecot.org/list/dovecot/2010-October/053452.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:217 http://www.ubuntu.com/usn/USN-1059-1 http://www.vupen.com/english/advisories/2010/2840 http://www.vupen.com/english/advisories/2011/0301 • CWE-264: Permissions, Privileges, and Access Controls •