Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-6598
Last Modified: 07 Mar 2011 10:03:16
Published: 03 Jan 2008 09:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6598

Summary

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

Vulnerable Systems

Application

  • Dovecot 1.0.9


References

VUPEN - ADV-2008-0017

BID - 27093

BUGTRAQ - 20080103 Re: rPSA-2008-0001-1 dovecot

BUGTRAQ - 20080103 rPSA-2008-0001-1 dovecot

REDHAT - RHSA-2008:0297

SECUNIA - 32151

SECUNIA - 30342

OSVDB - 39876

SUSE - SUSE-SR:2008:020

MLIST - [Dovecot-news] 20071229 v1.0.10 released

MLIST - [Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins

CONFIRM - https://issues.rpath.com/browse/RPL-2076

UBUNTU - USN-567-1

DEBIAN - DSA-1457

SECUNIA - 28434

SECUNIA - 28404

SECUNIA - 28271

SECUNIA - 28227

Related Patches

Red Hat 2008:0297-06 RHSA Low: dovecot security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:46:32