Dovecot ACL Plugin Security Bypass Vulnerabilities

Summary
This host has Dovecot ACL Plugin installed and is prone to multiple security bypass vulnerabilities.
Impact
Successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data. Impact Level: Application
Solution
Upgrade to Dovecot version 1.1.4 http://www.dovecot.org/download.html
Insight
The flaws are due to, - the ACL plugin interprets negative access rights as positive access rights, potentially giving an unprivileged user access to restricted resources. - an error in the ACL plugin when imposing mailbox creation restrictions to to create parent/child/child mailboxes.
Affected
Dovecot versions prior to 1.1.4 on Linux
References