Security Advisory

CVE-2013-6171

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-12-09 11:00:00

Last updated 2024-08-06 17:29:42

Assigner mitre

State PUBLISHED

Description

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.

← Browse all CVEs View on cve.org ↗