Описание
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Отчет
This issue does not affect the default configuration of Dovecot as shipped in Red Hat Enterprise Linux.
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS2
Связанные уязвимости
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
ELSA-2008-0297: dovecot security and bug fix update (LOW)
EPSS
3.7 Low
CVSS2