dovecot

• Author: Miklos Vajna
• Vulnerable: 1.1.2-1
• Unaffected: 1.1.4-1solaria1

Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions.

1. The problem is that the ACL plugin interprets negative access rights as positive access rights, potentially giving an unprivileged user access to restricted resources.
2. An error in the ACL plugin when imposing mailbox creation restrictions can be exploited to create “parent/child/child” mailboxes.

• Bug Tracker URL: http://bugs.frugalware.org/task/3387

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578