Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dovecot 授权问题漏洞
Vulnerability Description
Dovecot是一款开源的基于类Linux/UNIX系统的IMAP和POP3邮件服务器。 Open-Xchange Dovecot 2.2版本存在授权问题漏洞,该漏洞源于当使用类似主控和非主控密码时,可能会出现权限提升。
CVSS Information
N/A
Vulnerability Type
N/A