Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html | Mailing List |
http://marc.info/?l=oss-security&m=125871729029145&w=2 | Mailing List Patch |
http://marc.info/?l=oss-security&m=125881481222441&w=2 | Mailing List |
http://marc.info/?l=oss-security&m=125900267208712&w=2 | Mailing List Patch |
http://marc.info/?l=oss-security&m=125900271508796&w=2 | Mailing List |
http://secunia.com/advisories/37443 | Broken Link Vendor Advisory |
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html | Mailing List Patch Vendor Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306 | Not Applicable |
http://www.osvdb.org/60316 | Broken Link |
http://www.securityfocus.com/bid/37084 | Broken Link Patch Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2009/3306 | Patch Permissions Required Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-11-24T17:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2009-11-05T00:00:00
Link: CVE-2009-3897
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-11-24T17:30:00.407
Modified: 2024-02-08T15:21:34.730
Link: CVE-2009-3897
JSON object: View
Redhat Information
No data.
CWE