1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Candidate: CVE-2008-4578
PublicDate: 2008-10-15
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
Description:
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended
access restrictions by using the "k" right to create unauthorized
"parent/child/child" mailboxes.
Ubuntu-Description:
Notes:
jdstrand> patch seems intrusive
mdeslaur> Red Hat and Debian aren't going to fix this in 1.0.x as patch is
mdeslaur> too intrusive to backport for a minor issue.
mdeslaur> Let's ignore this also.
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502967
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4578
Priority: low
Discovered-by:
Assigned-to:
Patches_dovecot:
patch: http://hg.dovecot.org/dovecot-1.1/rev/d2657188377b
upstream_dovecot: released (1.1.4)
dapper_dovecot: not-affected (code not present)
gutsy_dovecot: ignored
hardy_dovecot: ignored
intrepid_dovecot: not-affected
devel_dovecot: not-affected
|