{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-10-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2010-11-19T10:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://marc.info/?l=oss-security&m=128622064325688&w=2"},{"name":"USN-1059-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1059-1"},{"name":"SUSE-SR:2010:020","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"},{"name":"ADV-2010-2572","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/2572"},{"name":"[oss-security] 20101004 CVE Request: more dovecot ACL issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://marc.info/?l=oss-security&m=128620520732377&w=2"},{"name":"MDVSA-2010:217","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"},{"name":"43220","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/43220"},{"name":"ADV-2011-0301","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/0301"},{"name":"[dovecot] 20101002 v1.2.15 released","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053450.html"},{"name":"[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053452.html"},{"name":"ADV-2010-2840","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/2840"},{"name":"[dovecot] 20101002 v2.0.5 released","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053451.html"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T03:18:52.956Z"},"title":"CVE Program Container","references":[{"name":"[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://marc.info/?l=oss-security&m=128622064325688&w=2"},{"name":"USN-1059-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1059-1"},{"name":"SUSE-SR:2010:020","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"},{"name":"ADV-2010-2572","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/2572"},{"name":"[oss-security] 20101004 CVE Request: more dovecot ACL issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://marc.info/?l=oss-security&m=128620520732377&w=2"},{"name":"MDVSA-2010:217","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"},{"name":"43220","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/43220"},{"name":"ADV-2011-0301","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/0301"},{"name":"[dovecot] 20101002 v1.2.15 released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053450.html"},{"name":"[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053452.html"},{"name":"ADV-2010-2840","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/2840"},{"name":"[dovecot] 20101002 v2.0.5 released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.dovecot.org/list/dovecot/2010-October/053451.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2010-3706","datePublished":"2010-10-06T16:00:00.000Z","dateReserved":"2010-10-01T00:00:00.000Z","dateUpdated":"2024-08-07T03:18:52.956Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}