641287 – (CVE-2010-3779) CVE-2010-3779 Dovecot: Admin permissions granted to the owner of each mailbox in a non-public namespace

Bug 641287 (CVE-2010-3779) - CVE-2010-3779 Dovecot: Admin permissions granted to the owner of each mailbox in a non-public namespace

Summary: CVE-2010-3779 Dovecot: Admin permissions granted to the owner of each mailbox...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2010-3779
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-10-08 09:47 UTC by Jan Lieskovsky
Modified:	2021-03-26 15:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-22 06:25:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jan Lieskovsky 2010-10-08 09:47:04 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3779 to
the following vulnerability:

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the
admin permission to the owner of each mailbox in a non-public
namespace, which might allow remote authenticated users to bypass
intended access restrictions by changing the ACL of a mailbox, as
demonstrated by a symlinked shared mailbox.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3779
[2] http://www.dovecot.org/list/dovecot/2010-October/053452.html
[3] http://www.dovecot.org/list/dovecot/2010-October/053450.html

Comment 3 Huzaifa S. Sidhpurwala 2010-11-17 03:59:38 UTC

Statement:

Not vulnerable. This issue did not affect the versions of dovecot as
shipped with Red Hat Enterprise Linux 4, 5 or 6.

Note You need to log in before you can comment on or make changes to this bug.