Unrated severityNVD Advisory· Published Oct 15, 2008· Updated Apr 23, 2026
CVE-2008-4578
CVE-2008-4578
Description
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Affected products
57cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*+ 56 more
- cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*range: <=1.1.3
- cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:0.99.14:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.0_rc29:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.dovecot.org/list/dovecot-news/2008-October/000085.htmlnvdPatch
- secunia.com/advisories/32164nvdVendor Advisory
- bugs.gentoo.org/show_bug.cginvd
- secunia.com/advisories/33149nvd
- security.gentoo.org/glsa/glsa-200812-16.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/498498/100/0/threadednvd
- www.securityfocus.com/bid/31587nvd
- www.vupen.com/english/advisories/2008/2745nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45669nvd
News mentions
0No linked articles in our index yet.