5.5
CVE-2009-3897
- EPSS 0.38%
- Veröffentlicht 24.11.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:35
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.294 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://marc.info/?l=oss-security&m=125871729029145&w=2
http://marc.info/?l=oss-security&m=125881481222441&w=2
http://marc.info/?l=oss-security&m=125900267208712&w=2
http://marc.info/?l=oss-security&m=125900271508796&w=2
http://secunia.com/advisories/37443
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306
http://www.osvdb.org/60316
http://www.securityfocus.com/bid/37084
http://www.vupen.com/english/advisories/2009/3306
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363