Back to search
CVE-2010-3706
Published: Oct 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues
mailing-list
x_refsource_MLIST
USN-1059-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SR:2010:020
vendor-advisory
x_refsource_SUSE
ADV-2010-2572
vdb-entry
x_refsource_VUPEN
[oss-security] 20101004 CVE Request: more dovecot ACL issues
mailing-list
x_refsource_MLIST
MDVSA-2010:217
vendor-advisory
x_refsource_MANDRIVA
43220
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0301
vdb-entry
x_refsource_VUPEN
[dovecot] 20101002 v1.2.15 released
mailing-list
x_refsource_MLIST
[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0
mailing-list
x_refsource_MLIST
ADV-2010-2840
vdb-entry
x_refsource_VUPEN
[dovecot] 20101002 v2.0.5 released
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now