Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:CF94EF53EC2AC7F61F27C50D1865832A:F1AD3
HistoryDec 02, 2009 - 7:03 p.m.

[Backports-security-announce] Security Update for dovecot

2009-12-0219:03:17
lists.debian.org
9
JSON

Marco Nenciarini uploaded new packages for dovecot which fix the
following security problem:

CVE-2009-3897

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of
certain directories at installation time, which allows local users to
access arbitrary user accounts by replacing the auth socket, related
to the parent directories of the base_dir directory, and possibly the
base_dir directory itself.

For the lenny-backports distribution the problems have been fixed in
version 1:1.2.8-1~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install dovecot-common
dovecot-imapd dovecot-pop3d" with the packagelist of your installed
packages affected by this update.

[1] <http://backports.org/dokuwiki/doku.php?id=instructions&gt;

We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

Related

prion 1
openvas 6
securityvulns 2
debiancve 1
freebsd 1
nessus 4
debian 1
ubuntucve 1
cve 1
gentoo 1
prion
prion
Directory traversal
2009-11-24 17:30:00
openvas
openvas
FreeBSD Ports: dovecot
2009-12-14 00:00:00
Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
2009-12-02 00:00:00
FreeBSD Ports: dovecot
2009-12-14 00:00:00
securityvulns
securityvulns
Dovecot weak permissions
2009-12-01 00:00:00
[ MDVSA-2009:306 ] dovecot
2009-12-01 00:00:00
debiancve
debiancve
CVE-2009-3897
2009-11-24 17:30:00
freebsd
freebsd
dovecot -- Insecure directory permissions
2009-11-20 00:00:00
nessus
nessus
FreeBSD : dovecot -- Insecure directory permissions (30211c45-e52a-11de-b5cd-00e0815b8da8)
2009-12-11 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2009:306)
2010-07-30 00:00:00
openSUSE Security Update : dovecot12 (dovecot12-1811)
2010-01-19 00:00:00
debian
debian
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:11:31
ubuntucve
ubuntucve
CVE-2009-3897
2009-11-24 00:00:00
cve
cve
CVE-2009-3897
2009-11-24 17:30:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00
JSON
Related for DEBIAN:CF94EF53EC2AC7F61F27C50D1865832A:F1AD3
prion1openvas6securityvulns2debiancve1freebsd1nessus4debian1ubuntucve1cve1gentoo1