CVE-2007-6598 - OpenCVE

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dovecot	Dovecot

Configuration 1 [-]

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

References

Link	Resource
http://dovecot.org/list/dovecot-news/2007-December/000057.html
http://dovecot.org/list/dovecot-news/2007-December/000058.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
http://osvdb.org/39876
http://secunia.com/advisories/28227
http://secunia.com/advisories/28271
http://secunia.com/advisories/28404
http://secunia.com/advisories/28434
http://secunia.com/advisories/30342
http://secunia.com/advisories/32151
http://www.debian.org/security/2008/dsa-1457
http://www.redhat.com/support/errata/RHSA-2008-0297.html
http://www.securityfocus.com/archive/1/485779/100/0/threaded
http://www.securityfocus.com/archive/1/485787/100/0/threaded
http://www.securityfocus.com/bid/27093
http://www.ubuntu.com/usn/usn-567-1
http://www.vupen.com/english/advisories/2008/0017
https://issues.rpath.com/browse/RPL-2076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-04T02:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-12-31T00:00:00

Link: CVE-2007-6598

JSON object: View

NVD Information

Status : Modified

Published: 2008-01-04T02:46:00.000

Modified: 2018-10-15T21:55:24.117

Link: CVE-2007-6598

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28434", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28434"}, {"name": "30342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30342"}, {"name": "oval:org.mitre.oval:def:10458", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458"}, {"name": "20080103 Re: rPSA-2008-0001-1 dovecot", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485787/100/0/threaded"}, {"name": "RHSA-2008:0297", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"}, {"name": "USN-567-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-567-1"}, {"name": "27093", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27093"}, {"name": "ADV-2008-0017", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0017"}, {"name": "39876", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39876"}, {"name": "SUSE-SR:2008:020", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"name": "20080103 rPSA-2008-0001-1 dovecot", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485779/100/0/threaded"}, {"name": "DSA-1457", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1457"}, {"name": "[Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/list/dovecot-news/2007-December/000057.html"}, {"name": "32151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32151"}, {"name": "28404", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28404"}, {"name": "28271", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28271"}, {"name": "[Dovecot-news] 20071229 v1.0.10 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://dovecot.org/list/dovecot-news/2007-December/000058.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2076"}, {"name": "28227", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28227"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6598", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28434", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28434"}, {"name": "30342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30342"}, {"name": "oval:org.mitre.oval:def:10458", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458"}, {"name": "20080103 Re: rPSA-2008-0001-1 dovecot", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485787/100/0/threaded"}, {"name": "RHSA-2008:0297", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"}, {"name": "USN-567-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-567-1"}, {"name": "27093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27093"}, {"name": "ADV-2008-0017", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0017"}, {"name": "39876", "refsource": "OSVDB", "url": "http://osvdb.org/39876"}, {"name": "SUSE-SR:2008:020", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"name": "20080103 rPSA-2008-0001-1 dovecot", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485779/100/0/threaded"}, {"name": "DSA-1457", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1457"}, {"name": "[Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins", "refsource": "MLIST", "url": "http://dovecot.org/list/dovecot-news/2007-December/000057.html"}, {"name": "32151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32151"}, {"name": "28404", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28404"}, {"name": "28271", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28271"}, {"name": "[Dovecot-news] 20071229 v1.0.10 released", "refsource": "MLIST", "url": "http://dovecot.org/list/dovecot-news/2007-December/000058.html"}, {"name": "https://issues.rpath.com/browse/RPL-2076", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2076"}, {"name": "28227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28227"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6598", "datePublished": "2008-01-04T02:00:00", "dateReserved": "2007-12-31T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "E86FDDEF-12EF-4D0A-892D-A048C1FEFD74", "versionEndIncluding": "1.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password."}, {"lang": "es", "value": "Dovecot anterior a 1.0.10, con determinadas opciones de configuraci\u00f3n incluyendo el uso de %variables, no mantiene adecuadamente la cach\u00e9 LDAP+auth, lo cual podr\u00eda permitir a permite a usuarios autenticados remotamente identificarse como un usuario diferente que tiene la misma contrase\u00f1a."}], "id": "CVE-2007-6598", "lastModified": "2018-10-15T21:55:24.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-04T02:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dovecot.org/list/dovecot-news/2007-December/000057.html"}, {"source": "cve@mitre.org", "url": "http://dovecot.org/list/dovecot-news/2007-December/000058.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39876"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28227"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28271"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28404"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28434"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30342"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32151"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1457"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485779/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485787/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27093"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-567-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0017"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-2076"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux before version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue:\nhttps://rhn.redhat.com/errata/RHSA-2008-0297.html\n", "lastModified": "2008-05-21T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}