CVE-2008-4578
Published: 15 October 2008
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Notes
| Author | Note |
|---|---|
| jdstrand | patch seems intrusive |
| mdeslaur | Red Hat and Debian aren't going to fix this in 1.0.x as patch is too intrusive to backport for a minor issue. Let's ignore this also. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dovecot Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
| gutsy |
Ignored
|
|
| hardy |
Ignored
|
|
| intrepid |
Not vulnerable
|
|
| upstream |
Released
(1.1.4)
|
|
|
Patches: other: http://hg.dovecot.org/dovecot-1.1/rev/d2657188377b |
||