CVE-2013-6171
Dovecot < 2.2.7 - Authentication Bypass via checkpassword-reply Descriptor Manipulation
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
References (5)
Third Party Advisory (x_refsource_confirm): http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
Various Sources (x_refsource_misc): http://cpanel.net/tsr-2013-0010-full-disclosure/
Vendor Advisory, vendor-advisory (x_refsource_ubuntu): https://usn.ubuntu.com/3556-2/
Vendor Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/54808
Patch, mailing-list (x_refsource_mlist): http://www.dovecot.org/list/dovecot-news/2013-November/000264.html
Scores
EPSS: 0.0146
EPSS Percentile: 70.2%
Details
CWE: CWE-287
Status: published
Products (39)
dovecot/dovecot 2.0 beta1
dovecot/dovecot 2.0.0
dovecot/dovecot 2.0.1
dovecot/dovecot 2.0.2
dovecot/dovecot 2.0.3
dovecot/dovecot 2.0.4
dovecot/dovecot 2.0.5
dovecot/dovecot 2.0.6
dovecot/dovecot 2.0.7
dovecot/dovecot 2.0.8
... and 29 more
Published: Dec 09, 2013
Tracked Since: Feb 18, 2026