CVE-2010-3779

EUVD-2010-3758
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
dovecotdovecot
1.2.0
dovecotdovecot
1.2.1
dovecotdovecot
1.2.2
dovecotdovecot
1.2.3
dovecotdovecot
1.2.4
dovecotdovecot
1.2.5
dovecotdovecot
1.2.6
dovecotdovecot
1.2.7
dovecotdovecot
1.2.8
dovecotdovecot
1.2.9
dovecotdovecot
1.2.10
dovecotdovecot
1.2.11
dovecotdovecot
1.2.12
dovecotdovecot
1.2.13
dovecotdovecot
1.2.14
dovecotdovecot
2.0:beta1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bookworm
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bookworm (security)
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bullseye
1:2.3.13+dfsg1-2+deb11u1
fixed
bullseye (security)
1:2.3.13+dfsg1-2+deb11u2
fixed
lenny
not-affected
sid
1:2.3.21.1+dfsg1-1
fixed
trixie
1:2.3.21.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
dapper
not-affected
hardy
not-affected
jaunty
ignored
karmic
not-affected
lucid
Fixed 1:1.2.9-1ubuntu6.3
released
maverick
Fixed 1:1.2.12-1ubuntu8.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot/2010-October/053450.html
http://www.dovecot.org/list/dovecot/2010-October/053452.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot/2010-October/053450.html
http://www.dovecot.org/list/dovecot/2010-October/053452.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301