Lucene search
Ubuntu.comUB:CVE-2008-4578HistoryOct 15, 2008 - 12:00 a.m.
CVE-2008-4578
2008-10-1500:00:00
ubuntu.com
ubuntu.com
5
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
77.1%
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended
access restrictions by using the “k” right to create unauthorized
“parent/child/child” mailboxes.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502967>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4578>
Notes
| Author | Note |
|---|---|
| jdstrand | patch seems intrusive |
| mdeslaur | Red Hat and Debian aren’t going to fix this in 1.0.x as patch is too intrusive to backport for a minor issue. Let’s ignore this also. |
Related
debiancve
debiancve
CVE-2008-4578
2008-10-15 20:08:00
prion
prion
Security feature bypass
2008-10-15 20:08:00
cve
cve
CVE-2008-4578
2008-10-15 20:08:00
securityvulns
securityvulns
[ MDVSA-2008:232 ] dovecot
2008-11-21 00:00:00
dovecot protection bypass
2008-11-21 00:00:00
nessus
nessus
FreeBSD : dovecot -- ACL plugin bypass vulnerabilities (75c24c1d-b688-11dd-88fd-001c2514716c)
2008-11-21 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2008:232)
2009-04-23 00:00:00
GLSA-200812-16 : Dovecot: Multiple vulnerabilities
2008-12-15 00:00:00
openvas
openvas
FreeBSD Ports: dovecot
2008-11-24 00:00:00
Dovecot ACL Plugin Security Bypass Vulnerabilities
2008-10-17 00:00:00
FreeBSD Ports: dovecot
2008-11-24 00:00:00
freebsd
freebsd
dovecot -- ACL plugin bypass vulnerabilities
2008-10-05 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2008-12-14 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
77.1%
Related for UB:CVE-2008-4578