CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS Percentile: 56.4%

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a
user who is authenticating, which allows local users to bypass
authentication and access virtual email accounts by attaching to the
process and using a restricted file descriptor to modify account
information in the response to the dovecot-auth server.
wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
www.dovecot.org/list/dovecot-news/2013-November/000264.html
launchpad.net/bugs/cve/CVE-2013-6171
nvd.nist.gov/vuln/detail/CVE-2013-6171
security-tracker.debian.org/tracker/CVE-2013-6171
ubuntu.com/security/notices/USN-3556-2
www.cve.org/CVERecord?id=CVE-2013-6171