DebianDEBIAN:55E28A6E90844663A7D33C21FA3D047E:F1AD3[Backports-security-announce] Security Update for dovecot
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.8%
Marco Nenciarini uploaded new packages for dovecot which fix the
following security problem:
CVE-2009-3897
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of
certain directories at installation time, which allows local users to
access arbitrary user accounts by replacing the auth socket, related
to the parent directories of the base_dir directory, and possibly the
base_dir directory itself.
For the lenny-backports distribution the problems have been fixed in
version 1:1.2.8-1~bpo50+1.
Upgrade instructions
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install dovecot-common
dovecot-imapd dovecot-pop3d" with the packagelist of your installed
packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.8%