CVE-2008-4577
Published: 15 October 2008
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Priority
Status
Package | Release | Status |
---|---|---|
dovecot (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable (code not present) |
dovecot | gutsy | Ignored (end of life, was needed) |
dovecot | hardy | Released (1:1.0.10-1ubuntu5.2) |
dovecot | intrepid | Not vulnerable |
dovecot | jaunty | Not vulnerable |
dovecot | upstream | Released (1.1.4) |

Patches: other: http://hg.dovecot.org/dovecot-1.0/rev/2dc3a5678fe5
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |