CVE-2008-4577

high

Description

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

References

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html

http://www.vupen.com/english/advisories/2008/2745

http://www.ubuntu.com/usn/USN-838-1

http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

http://security.gentoo.org/glsa/glsa-200812-16.xml

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://bugs.gentoo.org/show_bug.cgi?id=240409

Details

Source: Mitre, NVD

Published: 2008-10-15

Updated: 2024-01-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics