CVE-2010-3706
Published Oct 6, 2010
Last updated 14 years ago
Overview
- Description
- plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBB0B72A-1C7D-4F89-BE89-CD82F667CB76"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEF89EB6-CBF5-48DF-8FDD-2C0AE0266B3D"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41B2B3D8-EB69-4BD8-ACD5-CB6BFDE6B2FB"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1A909DC-0D77-4690-87D2-51A7564B63B8"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB2F767F-5D7F-40AC-BA57-4E819F486301"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68296C7C-B72C-46E7-A280-5E86E1470FDC"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72E1AF54-0446-49FB-A6B8-AF14833A3D0C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEE31582-7AE3-4131-BDE9-5654DE58FAF3"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65102391-C9AF-4CA3-AC43-0C52A7A37363"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "593DF083-5960-4BD5-AFC4-668B30E32E59"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DCC5E56-D31E-45F0-B18B-D98C219DEBAA"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D969ED92-F429-4F67-8366-31A73CEE6A47"
}
],
"operator": "OR"
}
]
}
]