PT-2010-5015 · Dovecot · Dovecot

Published: 2010-10-06 · Updated: 2011-02-12 · CVE-2010-3706

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Dovecot versions 1.2.x through 1.2.14
Dovecot versions 2.0.x through 2.0.4

Description

The issue allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox, due to incorrect interpretation of an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user.

Recommendations

For Dovecot versions 1.2.x through 1.2.14, update to version 1.2.15 or later.
For Dovecot versions 2.0.x through 2.0.4, update to version 2.0.5 or later.

Related identifiers

CVE-2010-3706

Affected products

Dovecot