Back to search
CVE-2010-3779
Published: Oct 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1059-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2010:217
vendor-advisory
x_refsource_MANDRIVA
43220
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0301
vdb-entry
x_refsource_VUPEN
[dovecot] 20101002 v1.2.15 released
mailing-list
x_refsource_MLIST
[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0
mailing-list
x_refsource_MLIST
ADV-2010-2840
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now