Home > Vulnerability Database > CVE-2008-4577

Mend.io Vulnerability Database

CVE-2008-4577

Date: October 15, 2008

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

Severity Score

7.5

Related Resources (21)

Url: http://secunia.com/advisories/32164

Url: http://secunia.com/advisories/32471

Url: http://secunia.com/advisories/33624

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376

Url: http://www.vupen.com/english/advisories/2008/2745

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

Url: http://secunia.com/advisories/36904

Url: https://access.redhat.com/security/cve/CVE-2008-4577

Url: http://secunia.com/advisories/33149

Url: http://www.ubuntu.com/usn/USN-838-1

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:232

Url: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html

Url: http://www.securityfocus.com/bid/31587

Url: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html

Url: http://www.redhat.com/support/errata/RHSA-2009-0205.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4577

Url: http://security.gentoo.org/glsa/glsa-200812-16.xml

Url: http://bugs.gentoo.org/show_bug.cgi?id=240409

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4577

Url: https://www.mend.io/vulnerability-database/CVE-2008-4577

Severity Score

7.5

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-4577

Date: October 15, 2008

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?