CVE-2007-6598

Published: Jan 4, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

28434

third-party-advisory

x_refsource_SECUNIA

30342

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:10458

vdb-entry

signature

x_refsource_OVAL

20080103 Re: rPSA-2008-0001-1 dovecot

mailing-list

x_refsource_BUGTRAQ

RHSA-2008:0297

vendor-advisory

x_refsource_REDHAT

USN-567-1

vendor-advisory

x_refsource_UBUNTU

27093

vdb-entry

x_refsource_BID

ADV-2008-0017

vdb-entry

x_refsource_VUPEN

39876

vdb-entry

x_refsource_OSVDB

SUSE-SR:2008:020

vendor-advisory

x_refsource_SUSE

20080103 rPSA-2008-0001-1 dovecot

mailing-list

x_refsource_BUGTRAQ

DSA-1457

vendor-advisory

x_refsource_DEBIAN

[Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins

mailing-list

x_refsource_MLIST

32151

third-party-advisory

x_refsource_SECUNIA

28404

third-party-advisory

x_refsource_SECUNIA

28271

third-party-advisory

x_refsource_SECUNIA

[Dovecot-news] 20071229 v1.0.10 released

mailing-list

x_refsource_MLIST

https://issues.rpath.com/browse/RPL-2076

x_refsource_CONFIRM

28227

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-6598

Description

Affected Products

References