CVE-2010-3779

Priority
Description
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace, which
might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox.
Notes
 sbeattie> from upstream email at
  http://www.dovecot.org/list/dovecot/2010-October/053452.html it
  sounds like the problem was introduced in 1.2.8, so earlier may not
  be vulnerable.
 mdeslaur> Code doesn't seem present in karmic and older
Package
Upstream: released (1.2.15, 2.0.5)
Patches:
Upstream: http://hg.dovecot.org/dovecot-1.2/rev/9e824012da57
More Information

Updated: 2019-03-19 11:55:23 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)