Ubuntu
dovecot package

[dovecot] [CVE-2007-6598] information disclosure

Bug #181724 reported by disabled.user on 2008-01-10

254

Affects		Status	Importance	Assigned to	Milestone
	dovecot (Ubuntu)	Fix Released	Undecided	Kees Cook

Bug Description

Binary package hint: dovecot

References:
DSA-1457-1 (http://www.debian.org/security/2008/dsa-1457)

Quoting:
"It was discovered that Dovecot, a POP3 and IMAP server, only when used
with LDAP authentication and a base that contains variables, could allow
a user to log in to the account of another user with the same password."

CVE References

2007-6598

Jamie Strandboge (jdstrand) on 2008-01-10

Changed in dovecot:
status:	New → Fix Committed

Revision history for this message

Kees Cook (kees) wrote on 2008-03-07:

This was published in: http://www.ubuntu.com/usn/usn-567-1

Changed in dovecot:
assignee:	nobody → keescook
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudovecot package