Computer Security

dovecot protection bypass
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



dovecot protection bypass
Published:21.11.2008
Source:BUGTRAQ
SecurityVulns ID:9449
Type:remote
Level:5/10
Description:Ivalid ACL parsing in ACL plugin. Privilege escalations.
CVE:CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.)
 CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:232 ] dovecot (21.11.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server