CVE-2010-3304

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

Published: Sep 24, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3304
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
dovecot / dovecot	1.2.2	1.2.2.x
dovecot / dovecot	1.2.7	1.2.7.x
dovecot / dovecot	1.2.4	1.2.4.x
dovecot / dovecot	1.2.9	1.2.9.x
dovecot / dovecot	1.2.11	1.2.11.x
dovecot / dovecot	1.2.1	1.2.1.x
dovecot / dovecot	1.2.8	1.2.8.x
dovecot / dovecot	1.2.6	1.2.6.x
dovecot / dovecot	1.2.5	1.2.5.x
dovecot / dovecot	1.2.10	1.2.10.x
dovecot / dovecot	1.2.3	1.2.3.x
dovecot / dovecot	1.2.0	1.2.0.x
dovecot / dovecot	1.2.12	1.2.12.x

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.openwall.com/lists/oss-security/2010/09/16/14
http://www.openwall.com/lists/oss-security/2010/09/16/17
http://www.securityfocus.com/bid/41964
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301

Vulnerability Database

289,697

CVE-2010-3304