CVE-2008-4577 Information
Description
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they were positive access rights, which allows attackers to bypass intended access restrictions.
Reference
http://bugs.gentoo.org/show_bug.cgi?id=240409
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/32164
http://secunia.com/advisories/32471
http://secunia.com/advisories/33149
http://secunia.com/advisories/33624
http://secunia.com/advisories/36904
http://security.gentoo.org/glsa/glsa-200812-16.xml
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
http://www.redhat.com/support/errata/RHSA-2009-0205.html
http://www.securityfocus.com/bid/31587
http://www.ubuntu.com/usn/USN-838-1
http://www.vupen.com/english/advisories/2008/2745
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10376
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html