Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
Vulnerability Description
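Dovecot is an open-source IMAP and POP3 mail server for Linux/UNIX-like systems. Versions of Dovecot before 2.2.7 contain a security vulnerability that stems from the checkpassword-reply binary performing setuid operations when authenticating a user. A local attacker can exploit this vulnerability to bypass authentication, access other users' mailboxes, and modify account information using a restricted file descriptor.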
CVSS Information
N/A
Vulnerability Type
N/A