CVE-2008-4578
Published: 15 October 2008
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Notes
Author | Note |
---|---|
jdstrand | patch seems intrusive |
mdeslaur | Red Hat and Debian aren't going to fix this in 1.0.x as patch is too intrusive to backport for a minor issue. Let's ignore this also. |
Priority
Status
Package | Release | Status |
---|---|---|
dovecot (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable (code not present) |
dovecot | gutsy | Ignored |
dovecot | hardy | Ignored |
dovecot | intrepid | Not vulnerable |
dovecot | upstream | Released (1.1.4) |

Patches: other: http://hg.dovecot.org/dovecot-1.1/rev/d2657188377b