Lucene search
Ubuntu.comUB:CVE-2010-3304HistorySep 24, 2010 - 12:00 a.m.
CVE-2010-3304
2010-09-2400:00:00
ubuntu.com
ubuntu.com
9
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
79.7%
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow remote
attackers to read mailboxes that have unintended weak ACLs.
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream says only 1.2.x, but code is present in at least as far back as jaunty. Code doesn’t look affected in hardy and earlier. Couldn’t reproduce on karmic, so not-affected. |
Related
nessus
nessus
openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0636-1)
2010-09-21 00:00:00
openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0636-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 : dovecot vulnerabilities (USN-1059-1)
2011-02-08 00:00:00
prion
prion
Design/Logic Flaw
2010-09-24 19:00:00
nvd
nvd
CVE-2010-3304
2010-09-24 19:00:04
debiancve
debiancve
CVE-2010-3304
2010-09-24 19:00:04
cve
cve
CVE-2010-3304
2010-09-24 19:00:04
cvelist
cvelist
CVE-2010-3304
2010-09-24 18:00:00
ubuntu
ubuntu
Dovecot vulnerabilities
2011-02-07 00:00:00
openvas
openvas
Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
2010-11-16 00:00:00
Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
2010-11-16 00:00:00
Ubuntu: Security Advisory (USN-1059-1)
2011-02-11 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:217 ] dovecot
2010-11-02 00:00:00
Dovecot multiple security vulnerabilities
2010-11-02 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
79.7%
Related for UB:CVE-2010-3304