VDB
CVE-2007-6598
CVE-2007-6598
PUBLISHED
Reported by mitre · Published January 4, 2008
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Jan 4, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 28434 third-party-advisoryx_refsource_SECUNIA
- 30342 third-party-advisoryx_refsource_SECUNIA
- oval:org.mitre.oval:def:10458 vdb-entrysignaturex_refsource_OVAL
- 20080103 Re: rPSA-2008-0001-1 dovecot mailing-listx_refsource_BUGTRAQ
- RHSA-2008:0297 vendor-advisoryx_refsource_REDHAT
- USN-567-1 vendor-advisoryx_refsource_UBUNTU
- 27093 vdb-entryx_refsource_BID
- ADV-2008-0017 vdb-entryx_refsource_VUPEN
- 39876 vdb-entryx_refsource_OSVDB
- SUSE-SR:2008:020 vendor-advisoryx_refsource_SUSE
- 20080103 rPSA-2008-0001-1 dovecot mailing-listx_refsource_BUGTRAQ
- DSA-1457 vendor-advisoryx_refsource_DEBIAN
- [Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins mailing-listx_refsource_MLIST
- 32151 third-party-advisoryx_refsource_SECUNIA
- 28404 third-party-advisoryx_refsource_SECUNIA
- 28271 third-party-advisoryx_refsource_SECUNIA
- [Dovecot-news] 20071229 v1.0.10 released mailing-listx_refsource_MLIST
- x_refsource_CONFIRM
- 28227 third-party-advisoryx_refsource_SECUNIA