CVE-2008-4577

Published: 15/10/2008 Updated: 21/01/2024
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The ACL plugin in Dovecot prior to 1.1.4 treats negative access rights as if they are positive access rights, which allows malicious users to bypass intended access restrictions.

Vulnerable Product

dovecot dovecot

fedoraproject fedora 9

fedoraproject fedora 8

opensuse opensuse 10.3-11.1

canonical ubuntu linux 9.04

canonical ubuntu linux 8.10

canonical ubuntu linux 8.04

Vendor Advisories

Synopsis: Low: dovecot security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Te ...
Debian Bug report logs - #502967: CVE-2008-4577/CVE-2008-4578: security problems with the ACL plugin. Package: dovecot-common; Maintainer for dovecot-common is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde>; Date: Tue, 21 Oct 2008 11:30:02 UTC; Severity: important; Tags: security; Fixed in version 1:119 ...
It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) ...