Red Hat Bugzilla – Bug 746270
CVE-2010-3304 dovecot: INBOX ACLs to newly created mailboxes propagation, possibly leading to weak ACLs
Last modified: 2011-10-20 03:33:35 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3304 to the following vulnerability:
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
This issue does not affect the version of dovecot package, as shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue does not affect the version of dovecot as shipped with Fedora 14 and 15.