4.4

CVE-2008-1199

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Data is provided by the National Vulnerability Database (NVD)
DovecotDovecot Version0.99.13
DovecotDovecot Version0.99.14
DovecotDovecot Version1.0
DovecotDovecot Version1.0.2
DovecotDovecot Version1.0.3
DovecotDovecot Version1.0.4
DovecotDovecot Version1.0.5
DovecotDovecot Version1.0.6
DovecotDovecot Version1.0.7
DovecotDovecot Version1.0.8
DovecotDovecot Version1.0.9
DovecotDovecot Version1.0.10
DovecotDovecot Version1.0.beta2
DovecotDovecot Version1.0.beta3
DovecotDovecot Version1.0.beta7
DovecotDovecot Version1.0.beta8
DovecotDovecot Version1.0.rc1
DovecotDovecot Version1.0.rc2
DovecotDovecot Version1.0.rc3
DovecotDovecot Version1.0.rc4
DovecotDovecot Version1.0.rc5
DovecotDovecot Version1.0.rc6
DovecotDovecot Version1.0.rc7
DovecotDovecot Version1.0.rc8
DovecotDovecot Version1.0.rc9
DovecotDovecot Version1.0.rc10
DovecotDovecot Version1.0.rc11
DovecotDovecot Version1.0.rc12
DovecotDovecot Version1.0.rc13
DovecotDovecot Version1.0.rc14
DovecotDovecot Version1.0.rc15
DovecotDovecot Version1.0_rc29
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.076
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.