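Vulnerability Details
Dovecot ACL Access Rights Security Bypass Vulnerability
- CNNVD ID: CNNVD-200810-272
- Severity: Medium
- CVE ID: CVE-2008-4577
- Vulnerability type: Permissions, privileges and access control
- Published: 2008-10-15
- Threat type: Remote
- Updated: 2009-02-26
- Vendor: dovecot
- Vulnerability source: Dovecot
Vulnerability Summary
The ACL plugin in Dovecot handles access rights as if they were positive access rights, so an attacker can bypass the intended access restrictions.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: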
Dovecot Dovecot 1.0.RC11
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0 rc29
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC4
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC8
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb
Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb
Dovecot Dovecot 1.0.beta2
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu dovecot-common_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb
Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb
Dovecot Dovecot 1.0
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC15
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC14
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Dovecot Dovecot 1.0.RC2
Dovecot dovecot-1.1.4.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu dovecot-common_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb
Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb
Dovecot Dovecot 1.0.rc1
Dovecot dovecot-1.1.4.tar.gz
http://doveco
References
Source: VUPEN
Name: ADV-2008-2745
Link: http://www.frsirt.com/english/advisories/2008/2745
Source: MLIST
Name: [Dovecot-news] 20081005 v1.1.4 released
Link: http://www.dovecot.org/list/dovecot-news/2008-October/000085.HTML
Source: FEDORA
Name: FEDORA-2008-9232
Link: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.HTML
Source: FEDORA
Name: FEDORA-2008-9202
Link: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.HTML
Source: UBUNTU
Name: USN-838-1
Link: http://www.ubuntu.com/usn/USN-838-1
Source: BID
Name: 31587
Link: http://www.securityfocus.com/bid/31587
Source: REDHAT
Name: RHSA-2009:0205
Link: http://www.redhat.com/support/errata/RHSA-2009-0205.HTML
Source: MANDRIVA
Name: MDVSA-2008:232
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
Source: GENTOO
Name: GLSA-200812-16
Link: http://security.gentoo.org/glsa/glsa-200812-16.xml
Source: SECUNIA
Name: 36904
Link: http://secunia.com/advisories/36904
Source: SECUNIA
Name: 33624
Link: http://secunia.com/advisories/33624
Source: SECUNIA
Name: 33149
Link: http://secunia.com/advisories/33149
Source: SECUNIA
Name: 32471
Link: http://secunia.com/advisories/32471
Source: SECUNIA
Name: 32164
Link: http://secunia.com/advisories/32164
Source: SUSE
Name: SUSE-SR:2009:004
Link: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.HTML
Source: bugs.gentoo.org
Link: http://bugs.gentoo.org/show_bug.cgi?id=240409
Affected Entities
- Dovecot Dovecot:1.1.3
- Dovecot Dovecot:1.1.2
- Dovecot Dovecot:1.1.1
- Dovecot Dovecot:1.1.0
- Dovecot Dovecot:1.0.Rc8
Patches
None available