dovecot: negative rights in ACL plugin
| Package(s): | dovecot |
CVE #(s): | CVE-2008-4577
|
| Created: | October 30, 2008 |
Updated: | September 28, 2009 |
| Description: |
dovecot has a restriction bypass vulnerability. From the
vulnerability database entry:
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. |
| Alerts: |
| Ubuntu |
USN-838-1 |
dovecot |
2009-09-28 |
| SuSE |
SUSE-SR:2009:004 |
apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools,opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel |
2009-02-17 |
| rPath |
rPSA-2008-0341-1 |
dovecot |
2008-12-22 |
| Red Hat |
RHSA-2009:0205-02 |
dovecot |
2009-01-20 |
| Gentoo |
200812-16 |
dovecot |
2008-12-14 |
| Mandriva |
MDVSA-2008:232 |
dovecot |
2008-11-19 |
| Fedora |
FEDORA-2008-9202 |
dovecot |
2008-10-30 |
| Fedora |
FEDORA-2008-9232 |
dovecot |
2008-10-30 |
|
