1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
PublicDateAtUSN: 2010-10-06
Candidate: CVE-2010-3707
PublicDate: 2010-10-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3707
http://www.ubuntu.com/usn/usn-1059-1
Description:
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x
before 2.0.5 interprets an ACL entry as a directive to add to the
permissions granted by another ACL entry, instead of a directive to replace
the permissions granted by another ACL entry, in certain circumstances
involving more specific entries that occur after less specific entries,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox.
Ubuntu-Description:
Notes:
sbeattie> from upstream email at
http://www.dovecot.org/list/dovecot/2010-October/053452.html it sounds
like problem was introduced in 1.2.8, so earlier may not be
vulnerable.
mdeslaur> seems to be introduced by this:
mdeslaur> http://hg.dovecot.org/dovecot-1.2/rev/76ff6831c9ae
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_dovecot:
upstream: http://hg.dovecot.org/dovecot-1.2/rev/fd607e10e75d
upstream_dovecot: released (1.2.15, 2.0.5)
dapper_dovecot: not-affected (1.0.beta3-3ubuntu5.6)
hardy_dovecot: not-affected (1:1.0.10-1ubuntu5.2)
jaunty_dovecot: ignored (reached end-of-life)
karmic_dovecot: not-affected (1:1.1.11-0ubuntu11)
lucid_dovecot: released (1:1.2.9-1ubuntu6.3)
maverick_dovecot: released (1:1.2.12-1ubuntu8.1)
devel_dovecot: not-affected (1:1.2.15-3ubuntu1)
|