CVE-2008-4578

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=240409
http://secunia.com/advisories/32164	Vendor Advisory
http://secunia.com/advisories/33149
http://security.gentoo.org/glsa/glsa-200812-16.xml
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
http://www.securityfocus.com/archive/1/498498/100/0/threaded
http://www.securityfocus.com/bid/31587
http://www.vupen.com/english/advisories/2008/2745
https://exchange.xforce.ibmcloud.com/vulnerabilities/45669

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dovecot:dovecot::::::::
	cpe:2.3:a:dovecot:dovecot:0.99.13:::::::*
	cpe:2.3:a:dovecot:dovecot:0.99.14:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.2:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.3:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.4:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.5:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.6:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.7:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.8:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.9:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.10:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.12:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta2:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta3:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta4:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta5:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta6:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta7:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta8:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.beta9:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc2:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc3:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc4:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc5:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc6:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc7:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc8:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc9:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc10:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc11:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc12:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc13:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc14:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc15:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc16:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc17:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc18:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc19:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc20:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc21:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc22:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc23:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc24:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc25:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc26:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc27:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0.rc28:::::::*
	cpe:2.3:a:dovecot:dovecot:1.0_rc29:::::::*
	cpe:2.3:a:dovecot:dovecot:1.1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.1:rc2::::::
	cpe:2.3:a:dovecot:dovecot:1.1.0:::::::*
	cpe:2.3:a:dovecot:dovecot:1.1.1:::::::*
	cpe:2.3:a:dovecot:dovecot:1.1.2:::::::*

History

No history.

Information

Published : 2008-10-15 20:08

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4578

Mitre link : CVE-2008-4578

CVE.ORG link : CVE-2008-4578

JSON object : View

Products Affected

dovecot

dovecot

CWE

CWE-264

Permissions, Privileges, and Access Controls

5.0 /10