CVE-2007-6598
Published: 4 January 2008
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Priority
Status
Package | Release | Status |
---|---|---|
dovecot Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
edgy |
Not vulnerable
(code not present)
|
|
feisty |
Released
(1.0.rc17-1ubuntu2.2)
|
|
gutsy |
Released
(1:1.0.5-1ubuntu2.1)
|
|
upstream |
Released
(1.0.10)
|
|
Patches: upstream: http://hg.dovecot.org/dovecot-1.0/raw-rev/2cedab21cd6d |