Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-4577
Last Modified: 07 Mar 2011 10:12:41
Published: 15 Oct 2008 04:08:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4577

Summary

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

Vulnerable Systems

Application

  • Dovecot 0.99.13

  • Dovecot 0.99.14

  • Dovecot 1.0

  • Dovecot 1.0 Rc29

  • Dovecot 1.0.10

  • Dovecot 1.0.12

  • Dovecot 1.0.2

  • Dovecot 1.0.3

  • Dovecot 1.0.4

  • Dovecot 1.0.5

  • Dovecot 1.0.6

  • Dovecot 1.0.7

  • Dovecot 1.0.8

  • Dovecot 1.0.9

  • Dovecot 1.0.beta1

  • Dovecot 1.0.beta2

  • Dovecot 1.0.beta3

  • Dovecot 1.0.beta4

  • Dovecot 1.0.beta5

  • Dovecot 1.0.beta6

  • Dovecot 1.0.beta7

  • Dovecot 1.0.beta8

  • Dovecot 1.0.beta9

  • Dovecot 1.0.rc1

  • Dovecot 1.0.rc10

  • Dovecot 1.0.rc11

  • Dovecot 1.0.rc12

  • Dovecot 1.0.rc13

  • Dovecot 1.0.rc14

  • Dovecot 1.0.rc15

  • Dovecot 1.0.rc16

  • Dovecot 1.0.rc17

  • Dovecot 1.0.rc18

  • Dovecot 1.0.rc19

  • Dovecot 1.0.rc2

  • Dovecot 1.0.rc20

  • Dovecot 1.0.rc21

  • Dovecot 1.0.rc22

  • Dovecot 1.0.rc23

  • Dovecot 1.0.rc24

  • Dovecot 1.0.rc25

  • Dovecot 1.0.rc26

  • Dovecot 1.0.rc27

  • Dovecot 1.0.rc28

  • Dovecot 1.0.rc3

  • Dovecot 1.0.rc4

  • Dovecot 1.0.rc5

  • Dovecot 1.0.rc6

  • Dovecot 1.0.rc7

  • Dovecot 1.0.rc8

  • Dovecot 1.0.rc9

  • Dovecot 1.1

  • Dovecot 1.1.0

  • Dovecot 1.1.1

  • Dovecot 1.1.2

  • Dovecot 1.1.3


References

MLIST - [Dovecot-news] 20081005 v1.1.4 released

FEDORA - FEDORA-2008-9232

FEDORA - FEDORA-2008-9202

VUPEN - ADV-2008-2745

UBUNTU - USN-838-1

BID - 31587

REDHAT - RHSA-2009:0205

MANDRIVA - MDVSA-2008:232

GENTOO - GLSA-200812-16

SECUNIA - 36904

SECUNIA - 33624

SECUNIA - 33149

SECUNIA - 32471

SECUNIA - 32164

SUSE - SUSE-SR:2009:004

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=240409

Related Patches

Red Hat 2009:0205-10 RHSA Low: dovecot security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:48:32