FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- ACL plugin bypass vulnerabilities

Affected packages
dovecot < 1.1.4

Details

VuXML ID 75c24c1d-b688-11dd-88fd-001c2514716c
Discovery 2008-10-05
Entry 2008-11-19

Timo Sirainen reports in dovecot 1.1.4 release notes:

ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working.

References

Bugtraq ID 31587
CVE Name CVE-2008-4577
CVE Name CVE-2008-4578