5.5

CVE-2009-3897

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DovecotDovecot Version >= 1.2.0 < 1.2.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.294
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
Mailing List
http://marc.info/?l=oss-security&m=125871729029145&w=2
Patch
Mailing List
http://marc.info/?l=oss-security&m=125881481222441&w=2
Mailing List
http://marc.info/?l=oss-security&m=125900267208712&w=2
Patch
Mailing List
http://marc.info/?l=oss-security&m=125900271508796&w=2
Mailing List
http://secunia.com/advisories/37443
Vendor Advisory
Broken Link
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
Patch
Vendor Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306
Not Applicable
http://www.osvdb.org/60316
Broken Link
http://www.securityfocus.com/bid/37084
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/3306
Patch
Vendor Advisory
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363
Third Party Advisory
VDB Entry