Back to search
CVE-2011-2166
Published: May 24, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.dovecot.org/doc/NEWS-2.0
x_refsource_CONFIRM
[dovecot] 20110511 v2.0.13 released
mailing-list
x_refsource_MLIST
RHSA-2013:0520
vendor-advisory
x_refsource_REDHAT
52311
third-party-advisory
x_refsource_SECUNIA
48003
vdb-entry
x_refsource_BID
[oss-security] 20110518 Dovecot releases
mailing-list
x_refsource_MLIST
dovecot-scriptlogin-sec-bypass(67675)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now