Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2008-1199
Last Modified 21 Aug 2010 01:17:56
Published 06 Mar 2008 04:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1199

Summary

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Vulnerable Systems

Application

  • Dovecot 0.99.13

  • Dovecot 0.99.14

  • Dovecot 1.0

  • Dovecot 1.0 Rc29

  • Dovecot 1.0.10

  • Dovecot 1.0.2

  • Dovecot 1.0.3

  • Dovecot 1.0.4

  • Dovecot 1.0.5

  • Dovecot 1.0.6

  • Dovecot 1.0.7

  • Dovecot 1.0.8

  • Dovecot 1.0.9

  • Dovecot 1.0.beta2

  • Dovecot 1.0.beta3

  • Dovecot 1.0.beta7

  • Dovecot 1.0.beta8

  • Dovecot 1.0.rc1

  • Dovecot 1.0.rc10

  • Dovecot 1.0.rc11

  • Dovecot 1.0.rc12

  • Dovecot 1.0.rc13

  • Dovecot 1.0.rc14

  • Dovecot 1.0.rc15

  • Dovecot 1.0.rc2

  • Dovecot 1.0.rc3

  • Dovecot 1.0.rc4

  • Dovecot 1.0.rc5

  • Dovecot 1.0.rc6

  • Dovecot 1.0.rc7

  • Dovecot 1.0.rc8

  • Dovecot 1.0.rc9


References

BID - 28092

MLIST - [Dovecot-news] 20080504 v1.0.11 released

FEDORA - FEDORA-2008-2475

FEDORA - FEDORA-2008-2464

XF - dovecot-mailextragroups-unauth-access(41009)

UBUNTU - USN-593-1

BUGTRAQ - 20080304 Dovecot mail_extra_groups setting is often used insecurely

REDHAT - RHSA-2008:0297

DEBIAN - DSA-1516

GENTOO - GLSA-200803-25

SECUNIA - 32151

SECUNIA - 30342

SECUNIA - 29557

SECUNIA - 29396

SECUNIA - 29385

SECUNIA - 29226

SUSE - SUSE-SR:2008:020

Related Patches

Red Hat 2008:0297-06 RHSA Low: dovecot security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:47:04