Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-4578
Last Modified 07 Mar 2011 10:12:41
Published 15 Oct 2008 04:08:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4578

Summary

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

Vulnerable Systems

Application

  • Dovecot 0.99.13

  • Dovecot 0.99.14

  • Dovecot 1.0

  • Dovecot 1.0 Rc29

  • Dovecot 1.0.10

  • Dovecot 1.0.12

  • Dovecot 1.0.2

  • Dovecot 1.0.3

  • Dovecot 1.0.4

  • Dovecot 1.0.5

  • Dovecot 1.0.6

  • Dovecot 1.0.7

  • Dovecot 1.0.8

  • Dovecot 1.0.9

  • Dovecot 1.0.beta1

  • Dovecot 1.0.beta2

  • Dovecot 1.0.beta3

  • Dovecot 1.0.beta4

  • Dovecot 1.0.beta5

  • Dovecot 1.0.beta6

  • Dovecot 1.0.beta7

  • Dovecot 1.0.beta8

  • Dovecot 1.0.beta9

  • Dovecot 1.0.rc1

  • Dovecot 1.0.rc10

  • Dovecot 1.0.rc11

  • Dovecot 1.0.rc12

  • Dovecot 1.0.rc13

  • Dovecot 1.0.rc14

  • Dovecot 1.0.rc15

  • Dovecot 1.0.rc16

  • Dovecot 1.0.rc17

  • Dovecot 1.0.rc18

  • Dovecot 1.0.rc19

  • Dovecot 1.0.rc2

  • Dovecot 1.0.rc20

  • Dovecot 1.0.rc21

  • Dovecot 1.0.rc22

  • Dovecot 1.0.rc23

  • Dovecot 1.0.rc24

  • Dovecot 1.0.rc25

  • Dovecot 1.0.rc26

  • Dovecot 1.0.rc27

  • Dovecot 1.0.rc28

  • Dovecot 1.0.rc3

  • Dovecot 1.0.rc4

  • Dovecot 1.0.rc5

  • Dovecot 1.0.rc6

  • Dovecot 1.0.rc7

  • Dovecot 1.0.rc8

  • Dovecot 1.0.rc9

  • Dovecot 1.1

  • Dovecot 1.1.0

  • Dovecot 1.1.1

  • Dovecot 1.1.2

  • Dovecot 1.1.3


References

MLIST - [Dovecot-news] 20081005 v1.1.4 released

XF - dovecot-acl-mailbox-security-bypass(45669)

VUPEN - ADV-2008-2745

BID - 31587

BUGTRAQ - 20081119 Re: [ MDVSA-2008:232 ] dovecot

MANDRIVA - MDVSA-2008:232

GENTOO - GLSA-200812-16

SECUNIA - 33149

SECUNIA - 32164

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=240409


Last Updated: 27 May 2016 10:48:33