Dovecot ACL Plugin Security Bypass Vulnerabilities Network Vulnerability

Summary

This host has Dovecot ACL Plugin installed and is prone to multiple security bypass vulnerabilities.

Impact

Successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data. Impact Level: Application

Solution

Upgrade to Dovecot version 1.1.4 http://www.dovecot.org/download.html

Insight

The flaws are due to, - the ACL plugin interprets negative access rights as positive access rights, potentially giving an unprivileged user access to restricted resources. - an error in the ACL plugin when imposing mailbox creation restrictions to to create parent/child/child mailboxes.

Affected

Dovecot versions prior to 1.1.4 on Linux

References

http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
http://www.frsirt.com/english/advisories/2008/2745

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4577, CVE-2008-4578
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

dotProject Privilege Escalation Vulnerability
Avaya P330 Stackable Switch found with default password
Ziproxy Security Bypass Vulnerability
Allied Telesyn Router/Switch found with default password
Shiva LanRover Blank Password

Take action and discover your vulnerabilities