ubuntucve | Ubuntu.com | UB:CVE-2010-3779
History: Oct 06, 2010 - 12:00 a.m.

CVE-2010-3779

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.002 Low
Percentile: 60.4%

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace, which
might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox.

Notes

Author    Note
sbeattie  from upstream email at http://www.dovecot.org/list/dovecot/2010-October/053452.html it sounds like problem was introduced in 1.2.8, so earlier may not be vulnerable.
mdeslaur  Code doesn’t seem present in karmic and older

OS      Version  Architecture  Package  Version                  Filename
ubuntu  10.04    noarch        dovecot  < 1:1.2.9-1ubuntu6.3     UNKNOWN
ubuntu  10.10    noarch        dovecot  < 1:1.2.12-1ubuntu8.1    UNKNOWN
