High severity7.5NVD Advisory· Published Oct 15, 2008· Updated Jun 16, 2026
CVE-2008-4577
CVE-2008-4577
Description
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*range: <1.1.4
- (no CPE)range: <1.1.4
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
17- secunia.com/advisories/32164nvdBroken LinkVendor Advisory
- security.gentoo.org/glsa/glsa-200812-16.xmlnvdThird Party Advisory
- www.securityfocus.com/bid/31587nvdBroken LinkThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-838-1nvdThird Party Advisory
- bugs.gentoo.org/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlnvdMailing List
- secunia.com/advisories/32471nvdBroken Link
- secunia.com/advisories/33149nvdBroken Link
- secunia.com/advisories/33624nvdBroken Link
- secunia.com/advisories/36904nvdBroken Link
- www.dovecot.org/list/dovecot-news/2008-October/000085.htmlnvdMailing ListRelease Notes
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-0205.htmlnvdBroken Link
- www.vupen.com/english/advisories/2008/2745nvdPermissions Required
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376nvdBroken Link
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.htmlnvdMailing List
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.htmlnvdMailing List
News mentions
0No linked articles in our index yet.