{"id":"CVE-2008-4577","details":"The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.","modified":"2026-01-27T04:09:13.406987Z","published":"2008-10-15T20:08:02Z","withdrawn":"2026-01-27T04:09:13.406987Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/32164"},{"type":"ADVISORY","url":"http://secunia.com/advisories/32471"},{"type":"ADVISORY","url":"http://secunia.com/advisories/33149"},{"type":"ADVISORY","url":"http://secunia.com/advisories/33624"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36904"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200812-16.xml"},{"type":"ARTICLE","url":"http://www.dovecot.org/list/dovecot-news/2008-October/000085.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:232"},{"type":"WEB","url":"http://www.securityfocus.com/bid/31587"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-838-1"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html"},{"type":"REPORT","url":"http://bugs.gentoo.org/show_bug.cgi?id=240409"},{"type":"REPORT","url":"http://www.vupen.com/english/advisories/2008/2745"},{"type":"WEB","url":"http://www.redhat.com/support/errata/RHSA-2009-0205.html"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}