CVE-2009-3897
Published: Nov 24, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 37443 | third-party-advisory | x_refsource_SECUNIA |
| 60316 | vdb-entry | x_refsource_OSVDB |
| [oss-security] 20091121 CVE Request - Dovecot - 1.2.8 | mailing-list | x_refsource_MLIST |
| [dovecot-news] 20091120 v1.2.8 released | mailing-list | x_refsource_MLIST |
| SUSE-SR:2010:001 | vendor-advisory | x_refsource_SUSE |
| ADV-2009-3306 | vdb-entry | x_refsource_VUPEN |
| [oss-security] 20091123 Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue | mailing-list | x_refsource_MLIST |
| [oss-security] 20091120 CVE request: v1.2.8 released to fix the 0777 base_dir creation issue | mailing-list | x_refsource_MLIST |
| 37084 | vdb-entry | x_refsource_BID |
| MDVSA-2009:306 | vendor-advisory | x_refsource_MANDRIVA |
| [oss-security] 20091123 Re: CVE Request - Dovecot - 1.2.8 | mailing-list | x_refsource_MLIST |
| dovecot-basedir-privilege-escalation(54363) | vdb-entry | x_refsource_XF |