7.5

CVE-2008-4577

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DovecotDovecot Version < 1.1.4
FedoraprojectFedora Version8
FedoraprojectFedora Version9
OpensuseOpensuse Version10.3-11.1
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.33% 0.813
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Mailing List
http://bugs.gentoo.org/show_bug.cgi?id=240409
Issue Tracking
http://secunia.com/advisories/32164
Vendor Advisory
Broken Link
http://secunia.com/advisories/32471
Broken Link
http://secunia.com/advisories/33149
Broken Link
http://secunia.com/advisories/33624
Broken Link
http://secunia.com/advisories/36904
Broken Link
http://security.gentoo.org/glsa/glsa-200812-16.xml
Third Party Advisory
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
Mailing List
Release Notes
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0205.html
Broken Link
http://www.securityfocus.com/bid/31587
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-838-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2745
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html
Mailing List