CVE-2007-6598 — Dovecot vulnerability

CWE-2647 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.5%

top 14.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedJan 4

Latest updateMay 1

Description

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.0.10-1 (bookworm)

▶Debiandovecot/dovecot< 1:1.0.10-1+3

▶NVDdovecot/dovecot1.0.9

🔴Vulnerability Details

GHSA

GHSA-grp6-gcpf-v967: Dovecot before 1↗2022-05-01

▶

OSV

CVE-2007-6598: Dovecot before 1↗2008-01-04

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerability↗2008-01-10

▶

Red Hat

dovecot LDAP+auth cache user login mixup↗2007-12-29

▶

Debian

CVE-2007-6598: dovecot - Dovecot before 1.0.10, with certain configuration options including use of %vari...↗2007

▶

💬Community

Bugzilla

CVE-2007-6598 dovecot LDAP+auth cache user login mixup↗2008-01-04

▶