CVE-2013-6171

Priority
Low
Description
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a
user who is authenticating, which allows local users to bypass
authentication and access virtual email accounts by attaching to the
process and using a restricted file descriptor to modify account
information in the response to the dovecot-auth server.
Package
Upstream: released (2.2.7)
Ubuntu 12.04 ESM (Precise Pangolin): released (1:2.0.19-0ubuntu2.4)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1:2.2.9-1ubuntu2)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:2.2.9-1ubuntu2)
Ubuntu 17.10 (Artful Aardvark): not-affected (1:2.2.9-1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1:2.2.9-1ubuntu2)
Patches:
Upstream: http://hg.dovecot.org/dovecot-2.2/rev/a13098b642e9

Updated: 2018-02-01 21:14:17 UTC (commit 14118)