Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3304 to the following vulnerability:

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3304
[2] http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
[3] http://www.openwall.com/lists/oss-security/2010/09/16/14
[4] http://www.openwall.com/lists/oss-security/2010/09/16/17
[5] http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
[6] http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
[7] http://www.ubuntu.com/usn/USN-1059-1
[8] http://www.securityfocus.com/bid/41964
[9] http://secunia.com/advisories/43220
[10] http://www.vupen.com/english/advisories/2010/2840
[11] http://www.vupen.com/english/advisories/2011/0301
[12] http://www.gentoo.org/security/en/glsa/glsa-201110-04.xml
[13] http://packetstormsecurity.org/files/view/105775/sa46363.txt
Statement: This issue does not affect the version of the dovecot package as shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue does not affect the version of dovecot as shipped with Fedora 14 and 15.