Описание
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.0.beta3-3ubuntu5.6 |
| devel | released | 1:1.0.10-1ubuntu3 |
| edgy | released | 1.0.rc2-1ubuntu2.3 |
| feisty | released | 1.0.rc17-1ubuntu2.3 |
| gutsy | released | 1:1.0.5-1ubuntu2.2 |
| upstream | released | 1.0.11 |
Показывать по
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
ELSA-2008-0297: dovecot security and bug fix update (LOW)
EPSS
4.4 Medium
CVSS2