A weakness has been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions. The weakness is caused due to an error within the handling of the "i" (insert) right in the ACL plugin, which can be exploited to save certain other flags (e.g. seen or deleted) via the APPEND or COPY commands without having the proper permissions. The weakness is reported in versions prior to 1.0.3. Other versions may be also affected. Solution: Update to version 1.0.3. Provided and/or discovered by: Reported by the vendor. Original Advisory: http://www.dovecot.org/list/dovecot-news/2007-August/000048.html Reproducible: Always
maintainers - please advice and patch as necessary
What can I say? I put 1.0.3 in the tree days ago :P
====================================================== Name: CVE-2007-4211 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4211 Reference: MLIST:[dovecot-news] 20070801 v1.0.3 released Reference: URL:http://www.dovecot.org/list/dovecot-news/2007-August/000048.html Reference: BID:25182 Reference: URL:http://www.securityfocus.com/bid/25182 Reference: SECUNIA:26320 Reference: URL:http://secunia.com/advisories/26320 Reference: XF:dovecot-aclplugin-security-bypass(35767) Reference: URL:http://xforce.iss.net/xforce/xfdb/35767 The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
Thanks Roy. Arches, please test and mark stable net-mail/dovecot-1.0.3. Target keywords are "alpha amd64 ppc sparc x86 ~x86-fbsd"
sparc stable.
amd64 stable
ppc stable
x86 done
alpha stable
I vote NO.
voting NO too and closing without GLSA.
