Vigil@nce - Dovecot: change of default ACLs
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the user defines ACLs on his INBOX, they become the default
ACLs of Maildir subdirectories.
Severity: 1/4
Creation date: 17/09/2010
DESCRIPTION OF THE VULNERABILITY
The Dovecot program is an IMAP/POP3 server. Its ACL plugin can be
used to define access restrictions. ACLs of a directory are
applied by default to all created subdirectories.
By default the virtual "INBOX" directory (received messages) is
the "Maildir" directory (storage root). When the user defines ACLs
for the "INBOX" directory, they thus become default ACLs of all
directories which will be created under Maildir.
When the user defines ACLs on his INBOX, they therefore become the
default ACLs of Maildir subdirectories. Depending on defined ACLs,
this behavior can be used by an attacker to access to directories
located under Maildir.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Dovecot-change-of-default-ACLs-9949