High severity7.5NVD Advisory· Published Oct 15, 2008· Updated Apr 23, 2026
CVE-2008-4577
CVE-2008-4577
Description
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/32164nvdBroken LinkVendor Advisory
- security.gentoo.org/glsa/glsa-200812-16.xmlnvdThird Party Advisory
- www.securityfocus.com/bid/31587nvdBroken LinkThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-838-1nvdThird Party Advisory
- bugs.gentoo.org/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlnvdMailing List
- secunia.com/advisories/32471nvdBroken Link
- secunia.com/advisories/33149nvdBroken Link
- secunia.com/advisories/33624nvdBroken Link
- secunia.com/advisories/36904nvdBroken Link
- www.dovecot.org/list/dovecot-news/2008-October/000085.htmlnvdMailing ListRelease Notes
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-0205.htmlnvdBroken Link
- www.vupen.com/english/advisories/2008/2745nvdPermissions Required
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376nvdBroken Link
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.htmlnvdMailing List
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.htmlnvdMailing List
News mentions
0No linked articles in our index yet.