Vigil@nce: Dovecot, bypassing access restrictions
November 2008 by Vigil@nce
An attacker can bypass access restrictions set by the ACL plugin
of Dovecot.
– Gravity: 2/4
– Consequences: privileged access/rights
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 20/11/2008
IMPACTED PRODUCTS
– Fedora
– Mandriva Linux
– Unix - platform
DESCRIPTION
The Dovecot program is an IMAP/POP3 server. Its ACL plugin can be
used to define access restrictions. It has two vulnerabilities.
The access check logic is sometimes reversed, so an attacker who
should be denied access is granted it. [grav:2/4; CVE-2008-4577]
An attacker can use the 'k' right (creation right) to create child
mailboxes. [grav:1/4; CVE-2008-4578]
An attacker can therefore bypass access restrictions set by the
ACL plugin of Dovecot.
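To see which mailboxes depend on the two behaviours described above, an administrator can audit the ACL files. The following is an added example, not part of the original bulletin or of Dovecot. It assumes the `dovecot-acl` line format `<identifier> <rights>` from Dovecot's ACL documentation, and it assumes that the reversed check concerns entries prefixed with `-` (negative rights); the sample data is constructed.

```python
import re

# Identifier forms and rights letters as described in Dovecot's ACL documentation
# (assumption: the bulletin itself does not show the dovecot-acl file format).
IDENT = re.compile(r"^(owner|authenticated|anyone|anonymous|(user|group|group-override)=\S+)$")
LETTERS = set("lrwstipekxa")

def parse_line(line):
    """Return (negative, identifier, rights), or None if the line is not an ACL entry."""
    negative = line.startswith("-")          # '-' prefix marks a negative (deny) entry
    ident, _, rest = (line[1:] if negative else line).partition(" ")
    rights = rest.split(":", 1)[0].strip()   # ignore optional ':named rights'
    if not IDENT.match(ident) or not set(rights) <= LETTERS:
        return None
    return negative, ident, rights

def audit(acl_text):
    """List (line_no, identifier, finding) for entries relevant to the two CVEs."""
    findings = []
    for no, raw in enumerate(acl_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        entry = parse_line(line)
        if entry is None:
            # Report instead of skipping, so a malformed deny entry is not missed.
            findings.append((no, line, "unparsed"))
            continue
        negative, ident, rights = entry
        if negative:
            findings.append((no, ident, "negative-entry"))   # CVE-2008-4577
        elif "k" in rights and ident != "owner":
            findings.append((no, ident, "create-right"))     # CVE-2008-4578
    return findings

# Constructed sample ACL file, not taken from a real server.
SAMPLE = """\
owner lrwstipekxa
user=alice lrwik
-user=bob r
group=staff lr
anyone
not an acl line
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Mailboxes with a `negative-entry` or `create-right` finding are the ones to review first when scheduling the vendor update.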
CHARACTERISTICS
– Identifiers: BID-31587, CVE-2008-4577, CVE-2008-4578,
FEDORA-2008-9202, FEDORA-2008-9232, MDVSA-2008:232,
VIGILANCE-VUL-8260
– URL: http://vigilance.fr/vulnerability/8260