CVE-2007-6598

Description

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

How to fix CVE-2007-6598

To remediate CVE-2007-6598, upgrade the affected package to a fixed version below.

• Debian/dovecot—upgrade to 1:1.0.10-1 or later
• Debian/dovecot—upgrade to 1.0.rc15-2etch3 or later

Is CVE-2007-6598 being exploited?

Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1:1.0.10-1
• from 0, < 1.0.rc15-2etch3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6598