DescriptionDovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2010:001, published Tue, 19 Jan 2010 17:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:09:53 2013
CVE page last modified: Fri Oct 7 12:45:50 2022