Computer Security
[EN] securityvulns.ru no-pyccku


dovecot protection bypass
Published:21.11.2008
Source:
SecurityVulns ID:9449
Type:remote
Threat Level:
5/10
Description:Ivalid ACL parsing in ACL plugin. Privilege escalations.
CVE:CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.)
 CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:232 ] dovecot (21.11.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod