CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
dovecotdovecot
𝑥
≤ 2.2.6
dovecotdovecot
2.0:beta1
dovecotdovecot
2.0.0
dovecotdovecot
2.0.1
dovecotdovecot
2.0.2
dovecotdovecot
2.0.3
dovecotdovecot
2.0.4
dovecotdovecot
2.0.5
dovecotdovecot
2.0.6
dovecotdovecot
2.0.7
dovecotdovecot
2.0.8
dovecotdovecot
2.0.9
dovecotdovecot
2.0.10
dovecotdovecot
2.0.11
dovecotdovecot
2.0.12
dovecotdovecot
2.0.13
dovecotdovecot
2.0.14
dovecotdovecot
2.0.15
dovecotdovecot
2.1:rc1
dovecotdovecot
2.1:rc2
dovecotdovecot
2.1:rc3
dovecotdovecot
2.1:rc5
dovecotdovecot
2.1:rc6
dovecotdovecot
2.1:rc7
dovecotdovecot
2.1.0
dovecotdovecot
2.1.1
dovecotdovecot
2.1.2
dovecotdovecot
2.1.3
dovecotdovecot
2.1.4
dovecotdovecot
2.1.5
dovecotdovecot
2.1.6
dovecotdovecot
2.1.7
dovecotdovecot
2.1.10
dovecotdovecot
2.1.11
dovecotdovecot
2.1.12
dovecotdovecot
2.1.13
dovecotdovecot
2.1.14
dovecotdovecot
2.1.15
dovecotdovecot
2.2:rc1
dovecotdovecot
2.2:rc2
dovecotdovecot
2.2:rc3
dovecotdovecot
2.2:rc4
dovecotdovecot
2.2:rc5
dovecotdovecot
2.2:rc6
dovecotdovecot
2.2:rc7
dovecotdovecot
2.2.0
dovecotdovecot
2.2.1
dovecotdovecot
2.2.2
dovecotdovecot
2.2.3
dovecotdovecot
2.2.4
dovecotdovecot
2.2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bullseye
1:2.3.13+dfsg1-2+deb11u1
fixed
wheezy
no-dsa
squeeze
no-dsa
bullseye (security)
1:2.3.13+dfsg1-2+deb11u2
fixed
bookworm
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bookworm (security)
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
sid
1:2.3.21.1+dfsg1-1
fixed
trixie
1:2.3.21.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://cpanel.net/tsr-2013-0010-full-disclosure/
http://secunia.com/advisories/54808
http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
http://www.dovecot.org/list/dovecot-news/2013-November/000264.html
https://usn.ubuntu.com/3556-2/
http://cpanel.net/tsr-2013-0010-full-disclosure/
http://secunia.com/advisories/54808
http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
http://www.dovecot.org/list/dovecot-news/2013-November/000264.html
https://usn.ubuntu.com/3556-2/