The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
2008-10-15T20:08:02.670
2025-04-09T00:30:58.490
Deferred
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:N
10.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dovecot | dovecot | < 1.1.4 | Yes |
| Operating System | fedoraproject | fedora | 8 | Yes |
| Operating System | fedoraproject | fedora | 9 | Yes |
| Operating System | opensuse | opensuse | 10.3-11.1 | Yes |
| Operating System | canonical | ubuntu_linux | 8.04 | Yes |
| Operating System | canonical | ubuntu_linux | 8.10 | Yes |
| Operating System | canonical | ubuntu_linux | 9.04 | Yes |