Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3304
HistorySep 24, 2010 - 12:00 a.m.

CVE-2010-3304

2010-09-2400:00:00
ubuntu.com
ubuntu.com
13

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

79.7%

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow remote
attackers to read mailboxes that have unintended weak ACLs.

Notes

Author Note
mdeslaur upstream says only 1.2.x, but code is present in at least as far back as jaunty. Code doesn’t look affected in hardy and earlier. Couldn’t reproduce on karmic, so not-affected.
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchdovecot< 1:1.2.9-1ubuntu6.3UNKNOWN
ubuntu10.10noarchdovecot< 1:1.2.12-1ubuntu8.1UNKNOWN

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

79.7%