CVE-2010-3304

Sažetak

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.openwall.com/lists/oss-security/2010/09/16/14
http://www.openwall.com/lists/oss-security/2010/09/16/17
http://www.securityfocus.com/bid/41964
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

12-02-2011 - 06:43

Objavljeno

24-09-2010 - 19:00