微慑信息网

CVE-2008-1218 - Vulnerability Details

CVE-2008-1218
CVSS 6.8
Published: 2008-03-10 19:44:00
Revised: 2011-03-07 22:06:20

[Original text] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.


[CNNVD] Dovecot TAB character password check bypass and unauthorized access vulnerability (CNNVD-200803-106)

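Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like platforms.

Dovecot does not adequately check and filter user request data, so a remote attacker may exploit this vulnerability to bypass authentication and gain unauthorized access.

Dovecot's internal protocol uses the TAB character as a delimiter, but the password was sent without being escaped, so a password that contains a TAB character can add new internal fields. If a user adds the skip_password_check field in this way at login, the password check is bypassed and the login succeeds without authorization.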
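The field injection described above, reduced to a toy TAB-delimited serializer with the unescaped form beside an escaped one. This is an added example, not Dovecot's code or wire format; the function names, the escape byte and the sample record are assumptions made for illustration.

```python
# Toy model of a TAB-delimited internal message (added example; this is not
# Dovecot's real wire format or code). All names below are hypothetical.
ESC = "\x01"  # escape byte chosen for this example
_ESCAPES = {ESC: ESC + "1", "\t": ESC + "t", "\r": ESC + "r", "\n": ESC + "n"}
_UNESCAPES = {"1": ESC, "t": "\t", "r": "\r", "n": "\n"}

def serialize_unsafe(fields):
    """Join key=value pairs with TAB; values are sent verbatim (the flaw)."""
    return "\t".join(f"{k}={v}" for k, v in fields)

def escape(value):
    """Replace the delimiter and line breaks so a value stays one field."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape(value):
    """Reverse escape(); reject sequences the sender could not have produced."""
    out, it = [], iter(value)
    for ch in it:
        if ch == ESC:
            code = next(it, None)
            if code not in _UNESCAPES:
                raise ValueError("malformed escape sequence")
            out.append(_UNESCAPES[code])
        else:
            out.append(ch)
    return "".join(out)

def serialize_safe(fields):
    """Same framing, but every value is escaped before it is joined."""
    return "\t".join(f"{k}={escape(v)}" for k, v in fields)

def parse(line, escaped):
    """Receiver: split on TAB, then on the first '='; bare words are flags."""
    result = {}
    for part in line.split("\t"):
        key, sep, value = part.partition("=")
        result[key] = (unescape(value) if escaped else value) if sep else True
    return result

# Constructed sample: a password value that contains a TAB character.
SAMPLE = [("user", "alice"), ("pass", "guess\tskip_password_check")]

def demo():
    """Return what the receiver sees without and with escaping."""
    unsafe = parse(serialize_unsafe(SAMPLE), escaped=False)
    safe = parse(serialize_safe(SAMPLE), escaped=True)
    return unsafe, safe
```

Without escaping the receiver sees three fields where the sender meant two; with escaping the TAB stays inside the password value and the comparison against the stored credential simply fails.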


        


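CVSS (Base Score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker needs neither internal network access nor local access]
Authentication: NONE [exploitation requires no authentication]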


CWE (Weakness Category)

CWE-255 [Credentials Management]


CPE (Affected Platforms and Products)

cpe:/a:dovecot:dovecot:1.1:rc2
cpe:/a:dovecot:dovecot:1.0.12


OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:8054 DSA-1516 dovecot — privilege escalation
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definitions.


Official Database Links

(Official data source) MITRE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218

(Official data source) NVD
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1218

(Official data source) CNNVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-106


Other Links and Resources

(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-2341

(UNKNOWN)  MLIST  [Dovecot-news] 20080309 v1.0.13 and v1.1.rc3 released
http://www.dovecot.org/list/dovecot-news/2008-March/000065.html

(UNKNOWN)  MLIST  [Dovecot-news] 20080309 Security hole #6: Some passdbs allowed users to log in without a valid password
http://www.dovecot.org/list/dovecot-news/2008-March/000064.html

(UNKNOWN)  SECUNIA  32151
http://secunia.com/advisories/32151

(UNKNOWN)  SUSE  SUSE-SR:2008:020
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html

(UNKNOWN)  FEDORA  FEDORA-2008-2475
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html

(UNKNOWN)  FEDORA  FEDORA-2008-2464
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html

(UNKNOWN)  MISC  https://issues.rpath.com/browse/RPL-2341

(UNKNOWN)  XF  dovecot-tab-authentication-bypass(41085)
http://xforce.iss.net/xforce/xfdb/41085

(UNKNOWN)  UBUNTU  USN-593-1
http://www.ubuntulinux.org/support/documentation/usn/usn-593-1

(UNKNOWN)  BID  28181
http://www.securityfocus.com/bid/28181

(UNKNOWN)  BUGTRAQ  20080312 rPSA-2008-0108-1 dovecot
http://www.securityfocus.com/archive/1/archive/1/489481/100/0/threaded

(UNKNOWN)  MILW0RM  5257
http://www.milw0rm.com/exploits/5257

(UNKNOWN)  DEBIAN  DSA-1516
http://www.debian.org/security/2008/dsa-1516

(UNKNOWN)  MISC  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108

(UNKNOWN)  GENTOO  GLSA-200803-25
http://security.gentoo.org/glsa/glsa-200803-25.xml

(UNKNOWN)  SECUNIA  29557
http://secunia.com/advisories/29557

(UNKNOWN)  SECUNIA  29396
http://secunia.com/advisories/29396

(UNKNOWN)  SECUNIA  29385
http://secunia.com/advisories/29385

(UNKNOWN)  SECUNIA  29364
http://secunia.com/advisories/29364

(UNKNOWN)  SECUNIA  29295
http://secunia.com/advisories/29295

(UNKNOWN)  SECUNIA  29226
http://secunia.com/advisories/29226


Vulnerability Information

Dovecot TAB character password check bypass and unauthorized access vulnerability
Medium risk  Trust management
2008-03-10 00:00:00 2008-10-10 00:00:00
Remote

Advisories and Patches

The vendor has released an upgrade patch that fixes this security issue. Patch download links:


        http://www.debian.org/security/2008/dsa-1516


        http://www.dovecot.org/list/dovecot-news/2008-March/000065.html


Vulnerability Information (5257)

Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit (EDBID:5257)
multiple remote
2008-03-14 Verified
0 Kingcope

N/A



Vulnerability Information (F64909)

Ubuntu Security Notice 593-1 (PacketStormID:F64909)

2008-03-26 00:00:00
Ubuntu  security.ubuntu.com

advisory

linux,ubuntu

CVE-2008-1199,CVE-2008-1218


Ubuntu Security Notice 593-1 – It was discovered that the default configuration of dovecot could allow access to any email files with group “mail” without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.


Vulnerability Information (F64681)

Gentoo Linux Security Advisory 200803-25 (PacketStormID:F64681)

2008-03-19 00:00:00
Gentoo  security.gentoo.org

advisory,arbitrary

linux,gentoo

CVE-2008-1199,CVE-2008-1218


Gentoo Linux Security Advisory GLSA 200803-25 – Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.


Vulnerability Information (F64608)

dovecot-disclose.txt (PacketStormID:F64608)

2008-03-15 00:00:00
Kingcope  

exploit,remote,imap,info disclosure

CVE-2008-1218


Dovecot IMAP versions 1.0.10 through 1.1rc2 remote email disclosure exploit.


Vulnerability Information (F64601)

Debian Linux Security Advisory 1516-1 (PacketStormID:F64601)

2008-03-15 00:00:00
Debian  debian.org

advisory

linux,debian

CVE-2008-1199,CVE-2008-1218


Debian Security Advisory 1516-1 – Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.


Vulnerability Information

42979
Dovecot passdbs Argument Injection Authentication Bypass

Vulnerability Description

Timeline

2008-03-10

Unknown
Unknown Unknown

Solution

Upgrade to version 1.0.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Related References

Vulnerability Author

Unknown or Incomplete


Vulnerability Information

Dovecot ‘Tab’ Character Password Check Security Bypass Vulnerability

Input Validation Error

28181
Yes No
2008-03-10 12:00:00 2008-10-07 05:58:00

The vendor reported this issue.


Affected Software Versions

Ubuntu Ubuntu Linux 7.10 sparc

Ubuntu Ubuntu Linux 7.10 powerpc

Ubuntu Ubuntu Linux 7.10 i386

Ubuntu Ubuntu Linux 7.10 amd64

Ubuntu Ubuntu Linux 7.04 sparc

Ubuntu Ubuntu Linux 7.04 powerpc

Ubuntu Ubuntu Linux 7.04 i386

Ubuntu Ubuntu Linux 7.04 amd64

Ubuntu Ubuntu Linux 6.10 sparc

Ubuntu Ubuntu Linux 6.10 powerpc

Ubuntu Ubuntu Linux 6.10 i386

Ubuntu Ubuntu Linux 6.10 amd64

Ubuntu Ubuntu Linux 6.06 LTS sparc

Ubuntu Ubuntu Linux 6.06 LTS powerpc

Ubuntu Ubuntu Linux 6.06 LTS i386

Ubuntu Ubuntu Linux 6.06 LTS amd64

S.u.S.E. openSUSE 11.0

S.u.S.E. openSUSE 10.3

S.u.S.E. openSUSE 10.2

rPath rPath Linux 1

Red Hat Fedora 8

Red Hat Fedora 7

Gentoo Linux 2007.0

Gentoo Linux

Dovecot Dovecot 1.0.12

Dovecot Dovecot 1.0.11

Dovecot Dovecot 1.0.11

Dovecot Dovecot 1.0.10

Dovecot Dovecot 1.0.9

Dovecot Dovecot 1.0.8

Dovecot Dovecot 1.0.7

Dovecot Dovecot 1.0.6

Dovecot Dovecot 1.0.5

Dovecot Dovecot 1.0.4

Dovecot Dovecot 1.0.3

Dovecot Dovecot 0.99.14

Dovecot Dovecot 0.99.13

Dovecot Dovecot 0.99.13

Dovecot Dovecot 0.99.10 .6

Dovecot Dovecot 1.1rc2

Dovecot Dovecot 1.0.RC9

Dovecot Dovecot 1.0.RC8

Dovecot Dovecot 1.0.RC7

Dovecot Dovecot 1.0.RC6

Dovecot Dovecot 1.0.RC5

Dovecot Dovecot 1.0.RC4

Dovecot Dovecot 1.0.RC3

Dovecot Dovecot 1.0.RC2

Dovecot Dovecot 1.0.RC15

Dovecot Dovecot 1.0.RC14

Dovecot Dovecot 1.0.RC13

Dovecot Dovecot 1.0.RC12

Dovecot Dovecot 1.0.RC11

Dovecot Dovecot 1.0.RC10

Dovecot Dovecot 1.0.rc1

Dovecot Dovecot 1.0.beta3

Dovecot Dovecot 1.0.Beta2

Dovecot Dovecot 1.0 rc29

Dovecot Dovecot 1.0 beta8

Dovecot Dovecot 1.0 beta7

Dovecot Dovecot 1.0

Debian Linux 4.0 sparc

Debian Linux 4.0 s/390

Debian Linux 4.0 powerpc

Debian Linux 4.0 mipsel

Debian Linux 4.0 mips

Debian Linux 4.0 m68k

Debian Linux 4.0 ia-64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Debian Linux 4.0 arm

Debian Linux 4.0 amd64

Debian Linux 4.0 alpha

Debian Linux 4.0

Dovecot Dovecot 1.0.13

Dovecot Dovecot 1.1rc3


Unaffected Software Versions

Dovecot Dovecot 1.0.13

Dovecot Dovecot 1.1rc3


Vulnerability Discussion

Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.



An attacker may exploit this issue to gain unauthorized access to the affected application. Successful exploits will compromise the application.



Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.



NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.


Exploitation

An attacker can exploit this issue using standard client applications.



The following exploit is available:


Solution

The vendor released an update to address this issue. Please see the references for more information.






Related References

Article title: CVE-2008-1218 - Vulnerability Details
Article link: http://vulsee.com/archives/vulsee_2019/0713_2933.html
(Please include this link when reposting)