CVE-2008-1218 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1218
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1218

Description: Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41085 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-593-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html SAID Secunia Advisory: SA29226 Secunia Advisory: SA29364 Secunia Advisory: SA29295 Secunia Advisory: SA29385 Secunia Advisory: SA29396 Secunia Advisory: SA29557 Secunia Advisory: SA32151 MLIST http://www.dovecot.org/list/dovecot-news/2008-March/000064.html http://www.dovecot.org/list/dovecot-news/2008-March/000065.html MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108 MILW0RM http://www.milw0rm.com/exploits/5257 GENTOO http://security.gentoo.org/glsa/glsa-200803-25.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1516 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489481/100/0/threaded BID 28181

Return to the previous page.