CVE-2010-3706

N/A Unknown

Published: October 06, 2010 Modified: April 29, 2026

Description

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=128620520732377&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=128622064325688&w=2

Source: secalert@redhat.com

http://secunia.com/advisories/43220

Source: secalert@redhat.com

http://www.dovecot.org/list/dovecot/2010-October/053450.html

Source: secalert@redhat.com

Vendor Advisory

http://www.dovecot.org/list/dovecot/2010-October/053451.html

Source: secalert@redhat.com

Vendor Advisory

http://www.dovecot.org/list/dovecot/2010-October/053452.html

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:217

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1059-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/2572

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2840

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0301

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=128620520732377&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=128622064325688&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43220

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.dovecot.org/list/dovecot/2010-October/053450.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.dovecot.org/list/dovecot/2010-October/053451.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.dovecot.org/list/dovecot/2010-October/053452.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:217

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1059-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2572

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2840

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0301

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.1%

80th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

dovecot

Related CVEs

CVE-2026-8662 3.3

CVE-2026-8658 6.0

CVE-2026-8666 7.7

CVE-2026-8665 7.7

CVE-2026-8664 6.0