CVE-2010-3706 in Dovecotinfo

Zusammenfassung (Englisch)

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservieren

01.10.2010

Veröffentlichung

06.10.2010

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
54941	Dovecot Access Restriction erweiterte Rechte	264	Proof-of-Concept	Offizieller Fix	CVE-2010-3706

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!