| Vulnerability Name: | CVE-2010-3779 (CCN-62340) | ||||||||
| Assigned: | 2010-10-02 | ||||||||
| Published: | 2010-10-02 | ||||||||
| Updated: | 2011-02-12 | ||||||||
| Summary: | Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-3779 Source: SECUNIA Type: UNKNOWN 43220 Source: MLIST Type: Vendor Advisory [dovecot] 20101002 v1.2.15 released Source: CCN Type: Dovecot Web Site [Dovecot] v2.0.5 released Source: MLIST Type: UNKNOWN [dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0 Source: MANDRIVA Type: UNKNOWN MDVSA-2010:217 Source: CCN Type: OSVDB ID: 68513 Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass Source: UBUNTU Type: UNKNOWN USN-1059-1 Source: VUPEN Type: UNKNOWN ADV-2010-2840 Source: VUPEN Type: UNKNOWN ADV-2011-0301 Source: XF Type: UNKNOWN dovecot-mailbox-security-bypass(62340) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||