CVE-2011-2166

Published May 24, 2011

Last updated 7 years ago

Overview

Description: script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-16

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEE31582-7AE3-4131-BDE9-5654DE58FAF3"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65102391-C9AF-4CA3-AC43-0C52A7A37363"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "593DF083-5960-4BD5-AFC4-668B30E32E59"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DCC5E56-D31E-45F0-B18B-D98C219DEBAA"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D969ED92-F429-4F67-8366-31A73CEE6A47"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4074C5-98E7-4A65-9413-17081FE12F0E"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810788F1-D928-4190-94F9-944AF677C9BF"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD6739FA-5AFE-46E9-AFB6-147736A81A86"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D486B62-AEB1-448E-88B9-267A1E1405A8"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E0A90-0C22-4E5F-8D12-B3A17EE87789"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9DCBDC9-B290-4495-8D15-C0E9AD595291"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7574EAB-5E97-4906-9D7E-33654BFAEC6C"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F575E273-7FF6-44A0-A217-7A7544ED8061"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References