CVE-2009-3897 - OpenCVE

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dovecot	Dovecot

Configuration 1 [-]

cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html	Mailing List
http://marc.info/?l=oss-security&m=125871729029145&w=2	Mailing List Patch
http://marc.info/?l=oss-security&m=125881481222441&w=2	Mailing List
http://marc.info/?l=oss-security&m=125900267208712&w=2	Mailing List Patch
http://marc.info/?l=oss-security&m=125900271508796&w=2	Mailing List
http://secunia.com/advisories/37443	Broken Link Vendor Advisory
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html	Mailing List Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306	Not Applicable
http://www.osvdb.org/60316	Broken Link
http://www.securityfocus.com/bid/37084	Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/3306	Patch Permissions Required Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2009-11-24T17:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-11-05T00:00:00

Link: CVE-2009-3897

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-11-24T17:30:00.407

Modified: 2024-02-08T15:21:34.730

Link: CVE-2009-3897

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "37443", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37443"}, {"name": "60316", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/60316"}, {"name": "[oss-security] 20091121 CVE Request - Dovecot - 1.2.8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=125881481222441&w=2"}, {"name": "[dovecot-news] 20091120 v1.2.8 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.dovecot.org/list/dovecot-news/2009-November/000143.html"}, {"name": "SUSE-SR:2010:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"name": "ADV-2009-3306", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3306"}, {"name": "[oss-security] 20091123 Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=125900267208712&w=2"}, {"name": "[oss-security] 20091120 CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=125871729029145&w=2"}, {"name": "37084", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37084"}, {"name": "MDVSA-2009:306", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:306"}, {"name": "[oss-security] 20091123 Re: CVE Request - Dovecot - 1.2.8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=125900271508796&w=2"}, {"name": "dovecot-basedir-privilege-escalation(54363)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54363"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3897", "datePublished": "2009-11-24T17:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "matchCriteriaId": "A697E475-79C0-45FD-9529-022CBC15921D", "versionEndExcluding": "1.2.8", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself."}, {"lang": "es", "value": "Dovecot v1.2.x anterior v1.2.8 establece permisos 0777 durante la creaci\u00f3n de ciertos directorios en el momento de la instalaci\u00f3n, permitiendo a usuarios locales acceder a las cuentas de usuarios por reemplazamiento del socket auth, relacionados con los directorios padre del directorio base_dir, y probablemente con el propio directorio base_dir\r\n"}], "id": "CVE-2009-3897", "lastModified": "2024-02-08T15:21:34.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2009-11-24T17:30:00.407", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "http://marc.info/?l=oss-security&m=125871729029145&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=oss-security&m=125881481222441&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "http://marc.info/?l=oss-security&m=125900267208712&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=oss-security&m=125900271508796&w=2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/37443"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "http://www.dovecot.org/list/dovecot-news/2009-November/000143.html"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:306"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/60316"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37084"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3306"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54363"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}