Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-6714
Last Modified 07 Mar 2011 10:03:41
Published 17 Apr 2008 06:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6714

Summary

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Vulnerable Systems

Application

  • Dbmail 2.2.6

  • Dbmail 2.2.7

  • Dbmail 2.2.8


References

CONFIRM - http://dbmail.org/index.php?page=news&id=44

VUPEN - ADV-2008-1321

MLIST - [Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication.

OSVDB - 44561

FEDORA - FEDORA-2008-3371

FEDORA - FEDORA-2008-3333

XF - dbmail-authldap-security-bypass(41907)

SECTRACK - 1019914

BID - 28849

GENTOO - GLSA-200804-24

SECUNIA - 29984

SECUNIA - 29937

SECUNIA - 29903


Last Updated: 27 May 2016 10:46:36