Gentoo Linux Security Advisory 202310-19 - A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Versions greater than or equal to 2.3.19.1-r1 are affected.
7d5b178b888666bb41a4b00c126e67dcfd03c3815a0b2193c4d0a4211d3ac5f5
Red Hat Security Advisory 2022-8208-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.
1c058e83ddb123ad31ada14507e1f3dd3a47def167186e8200331dc747993688
Red Hat Security Advisory 2022-7623-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.
b179fbf11c0921bcf24d4d4ab71f281c6b8c8d9b3c9c355b2c652a2687e77864
Ubuntu Security Notice 5509-1 - Julian Brook discovered that Dovecot incorrectly handled multiple passdb configuration entries. In certain configurations, a remote attacker could possibly use this issue to escalate privileges.
b5cd6d6448708528023e5f33f75e0a96cd077e0c2d7dfbf1872d55128a572bfa
Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb entries in the Dovecot configuration have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can result in an unintended security configuration and can permit privilege escalation in certain configurations involving master user authentication.
c9c1a6dcc53febbada1b722a950a737522f4c2987b34eb7b27226ddd2a58c66b