FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- security hole in blocking passdbs

Affected packages
dovecot < 1.0.13

Details

VuXML ID b39bdc06-ee42-11dc-8678-00a0cce0781e
Discovery 2008-03-09
Entry 2008-03-10

Dovecot reports:

Security hole in blocking passdbs (MySQL always; PAM, passwd and shadow if blocking=yes) where a user could specify extra fields in the password. The main problem here is when specifying "skip_password_check" introduced in v1.0.11 for fixing master user logins, allowing the user to log in as anyone without a valid password.

References

URL http://dovecot.org/list/dovecot-news/2008-March/000065.html
URL http://secunia.com/advisories/29295/