CVE-2008-1218

Publication date 10 March 2008

Last updated 24 July 2024

Ubuntu priority

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dovecot	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

exploitable through code introduced in 1.0.11

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-593-1
Dovecot vulnerabilities
26 March 2008

Other references

http://www.dovecot.org/list/dovecot-news/2008-March/000065.html
https://www.cve.org/CVERecord?id=CVE-2008-1218