CVE-2010-3304 Information

Description

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations which might allow remote attackers to read mailboxes that have unintended weak ACLs.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/43220 http://www.dovecot.org/list/dovecot-news/2010-July/000163.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:217 http://www.openwall.com/lists/oss-security/2010/09/16/14 http://www.openwall.com/lists/oss-security/2010/09/16/17 http://www.securityfocus.com/bid/41964 http://www.ubuntu.com/usn/USN-1059-1 http://www.vupen.com/english/advisories/2010/2840 http://www.vupen.com/english/advisories/2011/0301