CVE-2008-4577

high

Description

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

References

Advisories
More

http://www.ubuntu.com/usn/USN-838-1

http://security.gentoo.org/glsa/glsa-200812-16.xml

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html

http://www.vupen.com/english/advisories/2008/2745

http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://bugs.gentoo.org/show_bug.cgi?id=240409

Details

Source: Mitre, NVD

Published: 2008-10-15

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01099

Detections

Analytics