漏洞信息详情

Dovecot ACL 访问权限安全绕过漏洞

• CNNVD编号：CNNVD-200810-272
• 危害等级： 中危
  
• CVE编号： CVE-2008-4577
• 漏洞类型： 权限许可和访问控制
• 发布时间： 2008-10-15
• 威胁类型： 远程
• 更新时间： 2009-02-26
• 厂        商： dovecot
• 漏洞来源： Dovecot

漏洞简介

Dovecot中的ACL插件对访问权就像处理确定的访问权一样，攻击者可以绕过预设的访问限制。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Dovecot Dovecot 1.0.RC11

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0 rc29

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0.RC4

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0.RC8

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubu ntu5.2_powerpc.deb

Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu 5.2_powerpc.deb

Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubun tu5.2_powerpc.deb

Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubun tu5.2_powerpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubun tu1.3_powerpc.deb

Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1 .3_powerpc.deb

Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubunt u1.3_powerpc.deb

Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubunt u1.3_powerpc.deb

Dovecot Dovecot 1.0.beta2

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu dovecot-common_1.0.10-1ubuntu5.2_sparc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubu ntu5.2_sparc.deb

Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu 5.2_sparc.deb

Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubun tu5.2_sparc.deb

Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubun tu5.2_sparc.deb

Ubuntu Ubuntu Linux 8.10 i386

Ubuntu dovecot-common_1.1.4-0ubuntu1.3_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .1.4-0ubuntu1.3_i386.deb

Ubuntu dovecot-dev_1.1.4-0ubuntu1.3_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1. 4-0ubuntu1.3_i386.deb

Ubuntu dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1. 1.4-0ubuntu1.3_i386.deb

Ubuntu dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1. 1.4-0ubuntu1.3_i386.deb

Dovecot Dovecot 1.0

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0.RC15

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0.RC14

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Dovecot Dovecot 1.0.RC2

Dovecot dovecot-1.1.4.tar.gz

http://dovecot.org/releases/1.1/dovecot-1.1.4.tar.gz

Ubuntu Ubuntu Linux 8.04 LTS amd64

Ubuntu dovecot-common_1.0.10-1ubuntu5.2_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.10-1ubuntu5.2_amd64.deb

Ubuntu dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.0. 10-1ubuntu5.2_amd64.deb

Ubuntu dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1. 0.10-1ubuntu5.2_amd64.deb

Ubuntu dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1. 0.10-1ubuntu5.2_amd64.deb

Dovecot Dovecot 1.0.rc1

Dovecot dovecot-1.1.4.tar.gz

http://doveco

参考网址

来源: VUPEN

名称: ADV-2008-2745

链接:http://www.frsirt.com/english/advisories/2008/2745

来源: MLIST

名称: [Dovecot-news] 20081005 v1.1.4 released

链接:http://www.dovecot.org/list/dovecot-news/2008-October/000085.HTML

来源: FEDORA

名称: FEDORA-2008-9232

链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.HTML

来源: FEDORA

名称: FEDORA-2008-9202

链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.HTML

来源: UBUNTU

名称: USN-838-1

链接:http://www.ubuntu.com/usn/USN-838-1

来源: BID

名称: 31587

链接:http://www.securityfocus.com/bid/31587

来源: REDHAT

名称: RHSA-2009:0205

链接:http://www.redhat.com/support/errata/RHSA-2009-0205.HTML

来源: MANDRIVA

名称: MDVSA-2008:232

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:232

来源: GENTOO

名称: GLSA-200812-16

链接:http://security.gentoo.org/glsa/glsa-200812-16.xml

来源: SECUNIA

名称: 36904

链接:http://secunia.com/advisories/36904

来源: SECUNIA

名称: 33624

链接:http://secunia.com/advisories/33624

来源: SECUNIA

名称: 33149

链接:http://secunia.com/advisories/33149

来源: SECUNIA

名称: 32471

链接:http://secunia.com/advisories/32471

来源: SECUNIA

名称: 32164

链接:http://secunia.com/advisories/32164

来源: SUSE

名称: SUSE-SR:2009:004

链接:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.HTML

来源: bugs.gentoo.org

链接:http://bugs.gentoo.org/show_bug.cgi?id=240409

受影响实体

• Dovecot Dovecot:1.1.3  
• Dovecot Dovecot:1.1.2  
• Dovecot Dovecot:1.1.1  
• Dovecot Dovecot:1.1.0  
• Dovecot Dovecot:1.0.Rc8  

补丁

暂无