CVE-2008-1218
CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/5257não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.htmlhttp://secunia.com/advisories/29226http://secunia.com/advisories/29295http://secunia.com/advisories/29364http://secunia.com/advisories/29385http://secunia.com/advisories/29396http://secunia.com/advisories/29557http://secunia.com/advisories/32151http://security.gentoo.org/glsa/glsa-200803-25.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41085https://issues.rpath.com/browse/RPL-2341https://usn.ubuntu.com/593-1/