PublicDate: 2008-03-10 23:44:00 UTC
Candidate: CVE-2008-1218
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218
 http://www.dovecot.org/list/dovecot-news/2008-March/000065.html
 https://ubuntu.com/security/notices/USN-593-1
Description:
 Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x
 before 1.1.rc3, when using blocking passdbs, allows remote attackers to
 bypass the password check via a password containing TAB characters, which
 are treated as argument delimiters that enable the skip_password_check
 field to be specified.
Ubuntu-Description:
Notes:
 jdstrand> exploitable through code introduced in 1.0.11
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_dovecot:
upstream_dovecot: released (1.0.13)
dapper_dovecot: not-affected (1.0.beta3-3ubuntu5.5)
edgy_dovecot: not-affected (1.0.rc2-1ubuntu2.2)
feisty_dovecot: not-affected (1.0.rc17-1ubuntu2.2)
gutsy_dovecot: not-affected (1:1.0.5-1ubuntu2.1)
devel_dovecot: not-affected (1:1.0.10-1ubuntu2)