Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-10-06T20:00:00
Updated: 2010-11-19T10:00:00
Reserved: 2010-10-06T00:00:00
Link: CVE-2010-3779
JSON object: View
NVD Information
Status : Modified
Published: 2010-10-06T21:00:01.180
Modified: 2011-02-12T06:44:14.790
Link: CVE-2010-3779
JSON object: View
Redhat Information
No data.
CWE