From ${URL} :

Description
A security issue has been reported in Dovecot, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused due to the checkpassword-reply binary running with the UID and GID set to the user performing the authentication. This can be exploited to e.g. attach a debugger to a running instance of the checkpassword-reply binary and e.g. gain unauthorised access to another user's mailbox.

Successful exploitation requires the application to be configured to use the checkpassword authentication protocol.

The security issue is reported in versions prior to 2.2.7.

Solution:
Update to version 2.2.7.

Provided and/or discovered by:
cPanel Security Team.

Original Advisory:
Dovecot:
http://www.dovecot.org/list/dovecot-news/2013-November/000264.html
cPanel (Case 76869):
http://cpanel.net/tsr-2013-0010-full-disclosure/

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
dovecot-2.2.7 is not a good release. I'd like to wait a bit and go for stabilising =net-mail/dovecot-2.2.9.
CVE-2013-6171 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6171): checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
Arches, please test and mark stable =net-mail/dovecot-2.2.9. Thank you.
Eray Version 2.2.6 is still in STABLEREQ mode for alpha &
amd64 stable
x86 stable
Stable for HPPA.
ppc64 stable
ppc stable
sparc stable
arm stable
alpha stable
ia64 stable. Maintainer(s), please clean up. Security, please vote.
Thanks for your work! Vulnerable versions were hardmasked by Eray Aslan. GLSA vote: no
GLSA vote: no. Closing as [noglsa].