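Vulnerability Details
Dovecot ACL "parent/child/child" Security Bypass Vulnerability
- CNNVD ID: CNNVD-200810-273
- Severity: Medium
- CVE ID: CVE-2008-4578
- Vulnerability type: Permissions, privileges and access control
- Published: 2008-10-15
- Threat type: Remote
- Updated: 2009-02-05
- Vendor: dovecot
- Vulnerability source: Dovecot
Vulnerability Summary
The ACL plugin in Dovecot allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: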
Dovecot Dovecot 1.0.RC11
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0 rc29
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC4
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC8
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb
Dovecot Dovecot 1.0.beta2
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu dovecot-common_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb
Dovecot Dovecot 1.0
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC15
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC14
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC2
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb
Dovecot Dovecot 1.0.rc1
Dovecot dovecot-1.1.4.tar.gz
http://doveco
Reference URLs
Source: MLIST
Name: [Dovecot-news] 20081005 v1.1.4 released
Link: http://www.dovecot.org/list/dovecot-news/2008-October/000085.HTML
Source: XF
Name: dovecot-acl-mailbox-security-bypass(45669)
Link: http://xforce.iss.net/xforce/xfdb/45669
Source: BID
Name: 31587
Link: http://www.securityfocus.com/bid/31587
Source: BUGTRAQ
Name: 20081119 Re: [ MDVSA-2008:232 ] dovecot
Link: http://www.securityfocus.com/archive/1/archive/1/498498/100/0/threaded
Source: MANDRIVA
Name: MDVSA-2008:232
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
Source: VUPEN
Name: ADV-2008-2745
Link: http://www.frsirt.com/english/advisories/2008/2745
Source: GENTOO
Name: GLSA-200812-16
Link: http://security.gentoo.org/glsa/glsa-200812-16.xml
Source: SECUNIA
Name: 33149
Link: http://secunia.com/advisories/33149
Source: SECUNIA
Name: 32164
Link: http://secunia.com/advisories/32164
Source: bugs.gentoo.org
Link: http://bugs.gentoo.org/show_bug.cgi?id=240409
Affected Entities
- Dovecot Dovecot:1.0.Beta4
- Dovecot Dovecot:1.0.4
- Dovecot Dovecot:1.0.Beta5
- Dovecot Dovecot:1.0.5
- Dovecot Dovecot:1.0.Beta6
Patches
None available