CVE-2010-3779

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
dovecotdovecot
1.2.0
dovecotdovecot
1.2.1
dovecotdovecot
1.2.2
dovecotdovecot
1.2.3
dovecotdovecot
1.2.4
dovecotdovecot
1.2.5
dovecotdovecot
1.2.6
dovecotdovecot
1.2.7
dovecotdovecot
1.2.8
dovecotdovecot
1.2.9
dovecotdovecot
1.2.10
dovecotdovecot
1.2.11
dovecotdovecot
1.2.12
dovecotdovecot
1.2.13
dovecotdovecot
1.2.14
dovecotdovecot
2.0:beta1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bullseye
1:2.3.13+dfsg1-2+deb11u1
fixed
lenny
not-affected
bullseye (security)
1:2.3.13+dfsg1-2+deb11u2
fixed
bookworm
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bookworm (security)
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
sid
1:2.3.21.1+dfsg1-1
fixed
trixie
1:2.3.21.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
maverick
Fixed 1:1.2.12-1ubuntu8.1
released
lucid
Fixed 1:1.2.9-1ubuntu6.3
released
karmic
not-affected
jaunty
ignored
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot/2010-October/053450.html
http://www.dovecot.org/list/dovecot/2010-October/053452.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot/2010-October/053450.html
http://www.dovecot.org/list/dovecot/2010-October/053452.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301