CVE-2010-3707
Published: 6 October 2010
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
Notes
| Author | Note |
|---|---|
| sbeattie | from upstream email at http://www.dovecot.org/list/dovecot/2010-October/053452.html it sounds like problem was introduced in 1.2.8, so earlier may not be vulnerable. |
| mdeslaur | seems to be introduced by this: http://hg.dovecot.org/dovecot-1.2/rev/76ff6831c9ae |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dovecot Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(1.0.beta3-3ubuntu5.6)
|
| hardy |
Not vulnerable
(1:1.0.10-1ubuntu5.2)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Not vulnerable
(1:1.1.11-0ubuntu11)
|
|
| lucid |
Released
(1:1.2.9-1ubuntu6.3)
|
|
| maverick |
Released
(1:1.2.12-1ubuntu8.1)
|
|
| upstream |
Released
(1.2.15, 2.0.5)
|
|
|
Patches: upstream: http://hg.dovecot.org/dovecot-1.2/rev/fd607e10e75d |
||