FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4578

This CVE name corresponds to:

Entered     Topic
2008-11-19  dovecot -- ACL plugin bypass vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2008-4578
Phase  Assigned (20081015)

Description

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

References

Source    Reference
BUGTRAQ   20081119 Re: [ MDVSA-2008:232 ] dovecot
MLIST     [Dovecot-news] 20081005 v1.1.4 released
CONFIRM   http://bugs.gentoo.org/show_bug.cgi?id=240409
GENTOO    GLSA-200812-16
MANDRIVA  MDVSA-2008:232
BID       31587
VUPEN     ADV-2008-2745
SECUNIA   32164
SECUNIA   33149
XF        dovecot-acl-mailbox-security-bypass(45669)