47 matches found
dovecot: incorrect handling of negative rights in the ACL plugin
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
[Backports-security-announce] Security Update for dovecot
Gerfried Fuchs uploaded new packages for dovecot which fixed the following security problems: CVE-2008-4577, Debian Bug 502967 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
[Backports-security-announce] Security Update for dovecot
Gerfried Fuchs uploaded new packages for dovecot which fixed the following security problems: CVE-2008-4577, Debian Bug 502967 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
dovecot protection bypass
Ivalid ACL parsing in ACL plugin. Privilege escalations...
Dovecot ACL Plugin Security Bypass Vulnerabilities
This host has Dovecot ACL Plugin installed and is prone to multiple security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbdovecotmultsecbypassvuln.nasl 5158 2017-02-01 14:53:04Z mime $ Dovecot ACL Plugin Security Bypass Vulnerabilities Authors: Chandan S Copyright: Copyright c 2008...
Dovecot ACL Plugin Security Bypass Vulnerabilities
Dovecot ACL Plugin is prone to multiple security bypass vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes...
Design/Logic Flaw
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes...
Security feature bypass
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes...
CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes...
CVE-2008-4577
CVE-2008-4577 affects Dovecot; the ACL plug-in incorrectly treats negative access rights as positive, allowing bypass of access restrictions. The issue concerns Dovecot versions prior to 1.1.4 (per initial description). Various connected advisories note this vulnerability alongside CVE-2008-4870,...
CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
PT-2008-5795 · Dovecot +1 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 1.1.4 Description: The issue allows attackers to bypass intended access restrictions due to the ACL plugin treating negative access rights as if they are positive access rights. Recommendations: For versions prior to...
Dovecot possible privilege ascalation in ACL plugin
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a 1 COPY or 2 APPEND command...