Authentication bypass in Dovecot

#VU10372 Authentication bypass in Dovecot

Published: 2018-02-01 | Updated: 2018-02-05

Vulnerability identifier: #VU10372

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-6171

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Dovecot
Server applications / Mail servers

Vendor: Dovecot

Description
The vulnerability allows a local attacker to bypass authentication on the target system.

The weakness exists due to checkpassword-reply performs setuid operations. A local attacker can attach to the process and use a restricted file descriptor to modify account information in the response to the dovecot-auth server, bypass authentication and access virtual email accounts.

Mitigation
Update to version 2.2.7.

Vulnerable software versions

Dovecot: 2.2.0 - 2.2.6

External links
http://www.dovecot.org/list/dovecot-news/2013-November/000264.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for Dovecot