Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-6171HistoryDec 09, 2013 - 4:36 p.m.
CVE-2013-6171
2013-12-0916:36:47
Debian Security Bug Tracker
security-tracker.debian.org
11
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
0.002
Percentile
56.4%
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | dovecot | < 1:2.2.9-1 | dovecot_1:2.2.9-1_all.deb |
| Debian | 11 | all | dovecot | < 1:2.2.9-1 | dovecot_1:2.2.9-1_all.deb |
| Debian | 999 | all | dovecot | < 1:2.2.9-1 | dovecot_1:2.2.9-1_all.deb |
| Debian | 13 | all | dovecot | < 1:2.2.9-1 | dovecot_1:2.2.9-1_all.deb |
Related
openvas
openvas
Dovecot < 2.2.7 Authentication Bypass Vulnerability
2019-12-18 00:00:00
Ubuntu: Security Advisory (USN-3556-2)
2022-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2013-6171
2013-12-09 00:00:00
cvelist
cvelist
CVE-2013-6171
2013-12-09 11:00:00
cve
cve
CVE-2013-6171
2013-12-09 16:36:47
prion
prion
Authentication flaw
2013-12-09 16:36:00
nvd
nvd
CVE-2013-6171
2013-12-09 16:36:47
ubuntu
ubuntu
Dovecot vulnerabilities
2018-02-01 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
0.002
Percentile
56.4%
Related for DEBIANCVE:CVE-2013-6171