13 matches found
Oracle Linux 5 : dovecot (ELSA-2009-0205)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-0205 advisory. - Resolves: 436287, CVE-2008-4870 - Resolves: 469015, CVE-2008-4577 Tenable has extracted the preceding description block directly from the Oracle Linu...
Ubuntu: Security Advisory (USN-838-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-838-1: Dovecot vulnerabilities
It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. CVE-2008-4577 It was discovered that the ManageSieve...
openSUSE Security Update : dovecot (dovecot-504)
Dovecot didn't properly treat negative access rights therefore allowing attackers to bypass intended access restrictions CVE-2008-4577 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Mandriva Linux Security Advisory : dovecot (MDVSA-2008:232)
The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions CVE-2008-4577. The ACL plugin in dovecot prior to version 1.1.4 allowed attackers to bypass intended access...
Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
Check for the Version of dovecot OpenVAS Vulnerability Test Mandriva Update for dovecot MDVSA-2008:232 dovecot Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Fedora Update for dovecot FEDORA-2008-9232
Check for the Version of dovecot OpenVAS Vulnerability Test Fedora Update for dovecot FEDORA-2008-9232 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for dovecot FEDORA-2008-9202
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
openSUSE 10 Security Update : dovecot (dovecot-5986)
Dovecot didn't properly treat negative access rights therefore allowing attackers to bypass intended access restrictions CVE-2008-4577 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Gentoo Security Advisory GLSA 200812-16 (dovecot)
The remote host is missing updates announced in advisory GLSA 200812-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[Backports-security-announce] Security Update for dovecot
Gerfried Fuchs uploaded new packages for dovecot which fixed the following security problems: CVE-2008-4577, Debian Bug 502967 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
FreeBSD : dovecot -- ACL plugin bypass vulnerabilities (75c24c1d-b688-11dd-88fd-001c2514716c)
Timo Sirainen reports in dovecot 1.1.4 release notes : ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...