Dovecot: >> Dovecot >> 1.2.15 Security Vulnerabilities
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
CVSS Score
5.8
EPSS Score
0.002
Published
2013-12-09
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
CVSS Score
5.0
EPSS Score
0.065
Published
2011-05-24
Page 4