FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4577

This CVE name corresponds to:

Entered Topic
2008-11-19 dovecot -- ACL plugin bypass vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-4577
Phase Assigned (20081015)

Description

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

References

Source Reference
MLIST [Dovecot-news] 20081005 v1.1.4 released
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=240409
FEDORA FEDORA-2008-9202
FEDORA FEDORA-2008-9232
GENTOO GLSA-200812-16
MANDRIVA MDVSA-2008:232
REDHAT RHSA-2009:0205
SUSE SUSE-SR:2009:004
UBUNTU USN-838-1
BID 31587
OVAL oval:org.mitre.oval:def:10376
SECUNIA 36904
VUPEN ADV-2008-2745
SECUNIA 32164
SECUNIA 33149
SECUNIA 33624
SECUNIA 32471