CVE-2007-4211 — Dovecot vulnerability

8 documents6 sources

Severity

6.0MEDIUMNVD

EPSS

1.4%

top 19.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedAug 8

Latest updateMay 1

Description

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.0.3-2 (bookworm)

▶Debiandovecot/dovecot< 1:1.0.3-2+3

▶NVDdovecot/dovecot1.0.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7qph-c6xr-695q: The ACL plugin in Dovecot before 1↗2022-05-01

▶

OSV

CVE-2007-4211: The ACL plugin in Dovecot before 1↗2007-08-08

▶

📋Vendor Advisories

Red Hat

Dovecot possible privilege ascalation in ACL plugin↗2007-08-01

▶

Debian

CVE-2007-4211: dovecot - The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with th...↗2007

▶

💬Community

Bugzilla

CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin [F7]↗2007-08-06

▶

Bugzilla

CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin↗2007-08-06

▶

Bugzilla

CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin [FC6]↗2007-08-06

▶