CVE-2008-4577

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=240409
http://secunia.com/advisories/32164	Vendor Advisory
http://www.securityfocus.com/bid/31587
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
http://security.gentoo.org/glsa/glsa-200812-16.xml
http://secunia.com/advisories/33149
http://secunia.com/advisories/33624
http://www.redhat.com/support/errata/RHSA-2009-0205.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html
http://secunia.com/advisories/32471
http://www.ubuntu.com/usn/USN-838-1
http://secunia.com/advisories/36904
http://www.vupen.com/english/advisories/2008/2745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376

Configuration 1

cpe:2.3:a:dovecot:dovecot:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.1:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.12:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.1:rc2:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:0.99.14:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.8:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.10:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.9:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0_rc29:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:* cpe:2.3:a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*

---

Published : 2008-10-15 08:08

Updated : 2017-09-29 01:32

---

NVD link : CVE-2008-4577

Mitre link : CVE-2008-4577

No products.

CWE-863