5 matches found
SUSE CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
dovecot: incorrect handling of negative rights in the ACL plugin
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
DEBIAN-CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
PT-2008-5795 · Dovecot +1 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 1.1.4 Description: The issue allows attackers to bypass intended access restrictions due to the ACL plugin treating negative access rights as if they are positive access rights. Recommendations: For versions prior to...
dovecot -- ACL plugin bypass vulnerabilities
Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...