CVE-2008-1218
Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
Public Exploits: 2
Exploited in Wild: -
Descriptions
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
Timeline
- 2008-03-09 CVE Reserved
- 2008-03-10 CVE Published
- 2008-03-15 First Exploit
- 2024-08-07 CVE Updated
- 2025-04-30 EPSS Updated
CWE
- CWE-255: Credentials Management Errors
References (22)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/29226 | Third Party Advisory | |
http://secunia.com/advisories/29295 | Third Party Advisory | |
http://secunia.com/advisories/29364 | Third Party Advisory | |
http://secunia.com/advisories/29385 | Third Party Advisory | |
http://secunia.com/advisories/29396 | Third Party Advisory | |
http://secunia.com/advisories/29557 | Third Party Advisory | |
http://secunia.com/advisories/32151 | Third Party Advisory | |
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108 | X_refsource_misc | |
http://www.dovecot.org/list/dovecot-news/2008-March/000064.html | Mailing List | |
http://www.dovecot.org/list/dovecot-news/2008-March/000065.html | Mailing List | |
http://www.securityfocus.com/archive/1/489481/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/28181 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41085 | Vdb Entry | |
https://issues.rpath.com/browse/RPL-2341 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/64608 | 2008-03-15 | |
https://www.exploit-db.com/exploits/5257 | 2024-08-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dovecot | Dovecot | <= 1.0.12 | - | Affected |
Dovecot | Dovecot | <= 1.1 | rc2 | Affected |