Ubuntu update for Dovecot

Published: 2018-02-01

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2013-6171 CVE-2017-15132
CWE-ID	CWE-264 CWE-401
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Ubuntu Operating systems & Components / Operating system
Vendor	Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Authentication bypass

EUVDB-ID: #VU10372

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-6171

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authentication on the target system.

The weakness exists due to checkpassword-reply performs setuid operations. A local attacker can attach to the process and use a restricted file descriptor to modify account information in the response to the dovecot-auth server, bypass authentication and access virtual email accounts.

Mitigation

Update the affected packages

Ubuntu 12.04 LTS:

dovecot-core 1:2.0.19-0ubuntu2.4

Vulnerable software versions

Ubuntu: 12.04

External links

http://www.ubuntu.com/usn/usn-3556-2/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU10346

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15132

CWE-ID: CWE-401 - Missing release of memory after effective lifetime