CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
82.6%
It was discovered that the ACL plugin in Dovecot would incorrectly
propagate ACLs to new mailboxes. A remote authenticated user could possibly
read new mailboxes that were created with the wrong ACL. (CVE-2010-3304)
It was discovered that the ACL plugin in Dovecot would incorrectly merge
ACLs in certain circumstances. A remote authenticated user could possibly
bypass intended access restrictions and gain access to mailboxes.
(CVE-2010-3706, CVE-2010-3707)
It was discovered that the ACL plugin in Dovecot would incorrectly grant
the admin permission to owners of certain mailboxes. A remote authenticated
user could possibly bypass intended access restrictions and gain access to
mailboxes. (CVE-2010-3779)
It was discovered that Dovecot incorrecly handled the simultaneous
disconnect of a large number of sessions. A remote authenticated user could
use this flaw to cause Dovecot to crash, resulting in a denial of service.
(CVE-2010-3780)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 10.10 | noarch | dovecot-common | < 1:1.2.12-1ubuntu8.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | dovecot-dbg | < 1:1.2.12-1ubuntu8.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | dovecot-dev | < 1:1.2.12-1ubuntu8.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | dovecot-imapd | < 1:1.2.12-1ubuntu8.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | dovecot-pop3d | < 1:1.2.12-1ubuntu8.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | dovecot-common | < 1:1.2.9-1ubuntu6.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | dovecot-dbg | < 1:1.2.9-1ubuntu6.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | dovecot-dev | < 1:1.2.9-1ubuntu6.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | dovecot-imapd | < 1:1.2.9-1ubuntu6.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | dovecot-pop3d | < 1:1.2.9-1ubuntu6.3 | UNKNOWN |