Vulnerability Description
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dovecot | Dovecot | 1.2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/43220
- http://www.dovecot.org/list/dovecot/2010-October/053450.htmlVendor Advisory
- http://www.dovecot.org/list/dovecot/2010-October/053452.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
- http://www.ubuntu.com/usn/USN-1059-1
- http://www.vupen.com/english/advisories/2010/2840
- http://www.vupen.com/english/advisories/2011/0301
- http://secunia.com/advisories/43220
- http://www.dovecot.org/list/dovecot/2010-October/053450.htmlVendor Advisory
- http://www.dovecot.org/list/dovecot/2010-October/053452.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
- http://www.ubuntu.com/usn/USN-1059-1
- http://www.vupen.com/english/advisories/2010/2840
- http://www.vupen.com/english/advisories/2011/0301
FAQ
What is CVE-2010-3779?
CVE-2010-3779 is a vulnerability with a CVSS score of 3.5 (LOW). Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intend...
How severe is CVE-2010-3779?
CVE-2010-3779 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3779?
Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot.