CVE-2010-3779

Name of the Vulnerable Software and Affected Versions Dovecot versions 1.2.x through 1.2.14 Dovecot versions 2.0.x through 2.0.beta1

Description The issue allows remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox. This can be achieved by exploiting the fact that the admin permission is granted to the owner of each mailbox in a non-public namespace. A possible scenario involves a symlinked shared mailbox.

Recommendations For Dovecot versions 1.2.x through 1.2.14, update to version 1.2.15 or later. For Dovecot versions 2.0.x through 2.0.beta1, update to version 2.0.beta2 or later.