CVE-2008-4577

HIGH

Dovecot < 1.1.4 - Incorrect Authorization via ACL Plugin

Title source: llm
STIX 2.1

Description

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

References (17)

Core 17
Core References
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32164
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32471
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33149
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2745
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31587
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-838-1
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200812-16.xml
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=240409
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0205.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33624
Mailing List, Release Notes mailing-list x_refsource_mlist
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36904

Scores

CVSS v3 7.5
EPSS 0.0233
EPSS Percentile 81.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-863
Status published
Products (7)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
dovecot/dovecot < 1.1.4
fedoraproject/fedora 8
fedoraproject/fedora 9
opensuse/opensuse 10.3-11.1
Published Oct 15, 2008
Tracked Since Feb 18, 2026