1. CVE-Search
  2. CVE-2007-4211
ID CVE-2007-4211
Summary The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
References
Vulnerable Configurations
  • cpe:2.3:a:dovecot:dovecot:-:*:*:*:*:*:*:*
    cpe:2.3:a:dovecot:dovecot:-:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:14:41.649-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
family unix
id oval:org.mitre.oval:def:11558
status accepted
submitted 2010-07-09T03:56:16-04:00
title The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
version 19
redhat via4
advisories
rhsa
id RHSA-2008:0297
rpms
  • dovecot-0:1.0.7-2.el5
  • dovecot-debuginfo-0:1.0.7-2.el5
refmap via4
bid 25182
confirm https://issues.rpath.com/browse/RPL-1621
mlist [dovecot-news] 20070801 v1.0.3 released
secunia
  • 26320
  • 26475
  • 30342
xf dovecot-aclplugin-security-bypass(35767)
statements via4
contributor Mark J Cox
lastmodified 2008-05-21
organization Red Hat
statement These issues did not affect the dovecot versions as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html
Last major update 29-09-2017 - 01:29
Published 08-08-2007 - 02:17
Last modified 29-09-2017 - 01:29
Back to Top