CVE-2008-4577
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.gentoo.org/show_bug.cgi?id=240409http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/32164http://secunia.com/advisories/32471http://secunia.com/advisories/33149http://secunia.com/advisories/33624http://secunia.com/advisories/36904http://security.gentoo.org/glsa/glsa-200812-16.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.htmlhttp://www.dovecot.org/list/dovecot-news/2008-October/000085.html