CVE-2010-3304

EPSS 2.7%

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/43220 http://www.dovecot.org/list/dovecot-news/2010-July/000163.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:217 http://www.openwall.com/lists/oss-security/2010/09/16/14 http://www.openwall.com/lists/oss-security/2010/09/16/17 http://www.securityfocus.com/bid/41964 http://www.ubuntu.com/usn/USN-1059-1 http://www.vupen.com/english/advisories/2010/2840 http://www.vupen.com/english/advisories/2011/0301