CVE-2013-6171
Ubuntu Security Notice USN-3556-2
Public Exploits: 0
Exploited in Wild: -
Descriptions
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.
Timeline
- 2013-10-18 CVE Reserved
- 2013-12-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-287: Improper Authentication
References (5)
URL | Tag | Date |
---|---|---|
http://cpanel.net/tsr-2013-0010-full-disclosure | X_refsource_misc | |
http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security | X_refsource_confirm | |
http://www.dovecot.org/list/dovecot-news/2013-November/000264.html | | 2018-03-16 |
http://secunia.com/advisories/54808 | | 2018-03-16 |
https://usn.ubuntu.com/3556-2 | | 2018-03-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dovecot | Dovecot | <= 2.2.6 | - | Affected |
Dovecot | Dovecot | 2.0 | beta1 | Affected |
Dovecot | Dovecot | 2.0.0 | - | Affected |
Dovecot | Dovecot | 2.0.1 | - | Affected |
Dovecot | Dovecot | 2.0.2 | - | Affected |
Dovecot | Dovecot | 2.0.3 | - | Affected |
Dovecot | Dovecot | 2.0.4 | - | Affected |
Dovecot | Dovecot | 2.0.5 | - | Affected |
Dovecot | Dovecot | 2.0.6 | - | Affected |
Dovecot | Dovecot | 2.0.7 | - | Affected |
Dovecot | Dovecot | 2.0.8 | - | Affected |
Dovecot | Dovecot | 2.0.9 | - | Affected |
Dovecot | Dovecot | 2.0.10 | - | Affected |
Dovecot | Dovecot | 2.0.11 | - | Affected |
Dovecot | Dovecot | 2.0.12 | - | Affected |
Dovecot | Dovecot | 2.0.13 | - | Affected |
Dovecot | Dovecot | 2.0.14 | - | Affected |
Dovecot | Dovecot | 2.0.15 | - | Affected |
Dovecot | Dovecot | 2.1 | rc1 | Affected |
Dovecot | Dovecot | 2.1 | rc2 | Affected |
Dovecot | Dovecot | 2.1 | rc3 | Affected |
Dovecot | Dovecot | 2.1 | rc5 | Affected |
Dovecot | Dovecot | 2.1 | rc6 | Affected |
Dovecot | Dovecot | 2.1 | rc7 | Affected |
Dovecot | Dovecot | 2.1.0 | - | Affected |
Dovecot | Dovecot | 2.1.1 | - | Affected |
Dovecot | Dovecot | 2.1.2 | - | Affected |
Dovecot | Dovecot | 2.1.3 | - | Affected |
Dovecot | Dovecot | 2.1.4 | - | Affected |
Dovecot | Dovecot | 2.1.5 | - | Affected |
Dovecot | Dovecot | 2.1.6 | - | Affected |
Dovecot | Dovecot | 2.1.7 | - | Affected |
Dovecot | Dovecot | 2.1.10 | - | Affected |
Dovecot | Dovecot | 2.1.11 | - | Affected |
Dovecot | Dovecot | 2.1.12 | - | Affected |
Dovecot | Dovecot | 2.1.13 | - | Affected |
Dovecot | Dovecot | 2.1.14 | - | Affected |
Dovecot | Dovecot | 2.1.15 | - | Affected |
Dovecot | Dovecot | 2.2 | rc1 | Affected |
Dovecot | Dovecot | 2.2 | rc2 | Affected |
Dovecot | Dovecot | 2.2 | rc3 | Affected |
Dovecot | Dovecot | 2.2 | rc4 | Affected |
Dovecot | Dovecot | 2.2 | rc5 | Affected |
Dovecot | Dovecot | 2.2 | rc6 | Affected |
Dovecot | Dovecot | 2.2 | rc7 | Affected |
Dovecot | Dovecot | 2.2.0 | - | Affected |
Dovecot | Dovecot | 2.2.1 | - | Affected |
Dovecot | Dovecot | 2.2.2 | - | Affected |
Dovecot | Dovecot | 2.2.3 | - | Affected |
Dovecot | Dovecot | 2.2.4 | - | Affected |
Dovecot | Dovecot | 2.2.5 | - | Affected |