plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2010-10-06T16:00:00
Updated: 2010-11-19T10:00:00
Reserved: 2010-10-01T00:00:00
Link: CVE-2010-3707
JSON object: View
NVD Information
Status : Modified
Published: 2010-10-06T17:00:17.407
Modified: 2011-08-27T03:44:11.497
Link: CVE-2010-3707
JSON object: View
Redhat Information
No data.
CWE