OX Dovecot Path Traversal Vulnerability in Per-Domain Passwd Files
Vulnerability
A path traversal vulnerability has been identified in OX Dovecot when it is configured to use per-domain passwd files. The issue arises if the passwd files are placed one directory level above /etc, or if a slash is added to the allowed username characters, so that the domain component of the username can act as a partial directory path. Exploiting this vulnerability could lead to unintended reading of files such as /etc/passwd, with potential implications for authentication or user validation.
Impact
Exploitation of this vulnerability allows unauthorized reading of sensitive files such as /etc/passwd. If such a file contains password hashes, it could lead to unauthorized authentication. Additionally, if the user database is read this way, system users could incorrectly be validated as legitimate Dovecot users.
Remediation
Users are advised to upgrade to a fixed version or to use a different authentication scheme that does not rely on file paths. Alternatively, ensure that per-domain passwd files are located in a directory such as /etc/dovecot/auth/%d.
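As an added defender-side check (example code, not Dovecot's own code and not part of this advisory): a small Python audit that flags a passwd-file `args` path interpolating `%d` while `auth_username_chars` permits "/", alongside a hypothetical containment check for the resolved per-domain path. The `args` layout (path as the last token) and the `auth_username_chars` default follow Dovecot's documentation; the sample configuration is constructed.

```python
import posixpath
import re

# Dovecot's documented default for auth_username_chars; note it contains no "/".
DEFAULT_USERNAME_CHARS = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"
)

def resolve_domain_passwd_file(base_dir, domain, filename="passwd"):
    """Hypothetical helper: build <base_dir>/<domain>/<filename> and refuse any
    domain whose expansion does not stay strictly inside base_dir."""
    if not domain or "/" in domain or domain in (".", ".."):
        raise ValueError(f"domain {domain!r} is not a plain directory name")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, domain, filename))
    if not candidate.startswith(base + "/"):   # canonical containment check
        raise ValueError(f"{candidate!r} escapes {base!r}")
    return candidate

def audit_dovecot_conf(conf_text):
    """Return findings for passwd-file args that interpolate %d into a path
    while auth_username_chars lets "/" through (an empty value = all chars)."""
    findings = []
    chars = DEFAULT_USERNAME_CHARS
    m = re.search(r"^\s*auth_username_chars\s*=\s*(\S*)\s*$", conf_text, re.M)
    if m:
        chars = m.group(1)
    slash_allowed = chars == "" or "/" in chars
    for m in re.finditer(r"^\s*args\s*=\s*(.+?)\s*$", conf_text, re.M):
        path = m.group(1).split()[-1]        # passwd-file path is the last token
        if "%d" not in path:
            continue
        if slash_allowed:
            findings.append(f"{path}: '/' allowed in usernames, domain can traverse directories")
        if path.startswith("/etc/%d"):
            findings.append(f"{path}: %d expands directly under /etc; use a dedicated dir such as /etc/dovecot/auth/%d")
    return findings

# Constructed sample configuration (not from the advisory) with the weak setting,
# and the same configuration with "/" removed from the allowed characters.
WEAK_CONF = """\
auth_username_chars = abcdefghijklmnopqrstuvwxyz0123456789.-_@/
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/auth/%d/passwd
}
"""
SAFE_CONF = WEAK_CONF.replace("@/\n", "@\n")
```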