7 matches found
openSUSE Security Update : dovecot12 (dovecot12-1811)
Dovecot created the configured 'basedir' /var/run/dovecot with mode 0777 if it didn't exist, therefore allowing local users to mess with e.g. the authentication socket CVE-2009-3897. Note that /var/run/dovecot is part of the dovecot rpm with proper permission settings. Therefor dovecot is not...
FreeBSD Ports: dovecot
The remote host is missing an update to the system as announced in the referenced advisory. VID 30211c45-e52a-11de-b5cd-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID 30211c45-e52a-11de-b5cd-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
FreeBSD Ports: dovecot
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[Backports-security-announce] Security Update for dovecot
Marco Nenciarini uploaded new packages for dovecot which fix the following security problem: CVE-2009-3897 Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth...
[Backports-security-announce] Security Update for dovecot
Marco Nenciarini uploaded new packages for dovecot which fix the following security problem: CVE-2009-3897 Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth...
CVE-2009-3897
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory...
CVE-2009-3897
CVE-2009-3897 affects Dovecot 1.2.x before 1.2.8, where during installation the base_dir-related directories (and possibly the base_dir itself) are created with mode 0777. This permits a local attacker to access or replace the authentication socket and potentially access arbitrary user accounts. ...