CVE-2008-4577 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
dovecot	dovecot	𝑥 < 1.1.4
opensuse	opensuse	10.3-11.1
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dovecot

bullseye	1:2.3.13+dfsg1-2+deb11u1 fixed
etch	no-dsa
bullseye (security)	1:2.3.13+dfsg1-2+deb11u2 fixed
bookworm	1:2.3.19.1+dfsg1-2.1+deb12u1 fixed
bookworm (security)	1:2.3.19.1+dfsg1-2.1+deb12u1 fixed
sid	1:2.3.21.1+dfsg1-1 fixed
trixie	1:2.3.21.1+dfsg1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

dovecot

jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1:1.0.10-1ubuntu5.2 released
gutsy	ignored
dapper	not-affected

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

http://bugs.gentoo.org/show_bug.cgi?id=240409

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://secunia.com/advisories/32164

http://secunia.com/advisories/32471

http://secunia.com/advisories/33149

http://secunia.com/advisories/33624

http://secunia.com/advisories/36904

http://security.gentoo.org/glsa/glsa-200812-16.xml

http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:232

http://www.redhat.com/support/errata/RHSA-2009-0205.html

http://www.securityfocus.com/bid/31587

http://www.ubuntu.com/usn/USN-838-1

http://www.vupen.com/english/advisories/2008/2745

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html

http://bugs.gentoo.org/show_bug.cgi?id=240409

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://secunia.com/advisories/32164

http://secunia.com/advisories/32471

http://secunia.com/advisories/33149

http://secunia.com/advisories/33624

http://secunia.com/advisories/36904

http://security.gentoo.org/glsa/glsa-200812-16.xml

http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:232

http://www.redhat.com/support/errata/RHSA-2009-0205.html

http://www.securityfocus.com/bid/31587

http://www.ubuntu.com/usn/USN-838-1

http://www.vupen.com/english/advisories/2008/2745

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html