CVE-2009-3897 Information
Description
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time which allows local users to access arbitrary user accounts by replacing the auth socket related to the parent directories of the base_dir directory and possibly the base_dir directory itself.
Reference
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=oss-security&m=125871729029145&w=2 http://marc.info/?l=oss-security&m=125881481222441&w=2 http://marc.info/?l=oss-security&m=125900267208712&w=2 http://marc.info/?l=oss-security&m=125900271508796&w=2 http://secunia.com/advisories/37443 http://www.dovecot.org/list/dovecot-news/2009-November/000143.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:306 http://www.osvdb.org/60316 http://www.securityfocus.com/bid/37084 http://www.vupen.com/english/advisories/2009/3306 https://exchange.xforce.ibmcloud.com/vulnerabilities/54363
Share on: