Vulnerability Name: CVE-2008-1199 (CCN-41009)
Assigned: 2008-03-04
Published: 2008-03-04
Updated: 2018-10-11
Summary: Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
CVSS v3 Severity:
5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity:
4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
2.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-59 CWE-16
Vulnerability Consequences: File Manipulation
References:
Source: CCN Type: BugTraq Mailing List, Tue Mar 04 2008 - 00:47:53 CST Dovecot mail_extra_groups setting is often used insecurely
Source: MITRE Type: CNA CVE-2008-1199
Source: SUSE Type: UNKNOWN SUSE-SR:2008:020
Source: CCN Type: RHSA-2008-0297 Low: dovecot security and bug fix update
Source: SECUNIA Type: UNKNOWN 29226
Source: SECUNIA Type: UNKNOWN 29385
Source: SECUNIA Type: UNKNOWN 29396
Source: SECUNIA Type: UNKNOWN 29557
Source: SECUNIA Type: UNKNOWN 30342
Source: SECUNIA Type: UNKNOWN 32151
Source: GENTOO Type: UNKNOWN GLSA-200803-25
Source: DEBIAN Type: UNKNOWN DSA-1516
Source: DEBIAN Type: DSA-1516 dovecot -- privilege escalation
Source: CCN Type: Dovecot Web site Dovecot
Source: CCN Type: Dovecot Changelog, Tue Mar 4 08:37:56 EET 2008 [Dovecot-news] v1.0.11 released
Source: MLIST Type: Patch [Dovecot-news] 20080504 v1.0.11 released
Source: CCN Type: GLSA-200803-25 Dovecot: Multiple vulnerabilities
Source: REDHAT Type: UNKNOWN RHSA-2008:0297
Source: BUGTRAQ Type: UNKNOWN 20080304 Dovecot mail_extra_groups setting is often used insecurely
Source: BID Type: Patch 28092
Source: CCN Type: BID-28092 Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
Source: CCN Type: USN-593-1 Dovecot vulnerabilities
Source: XF Type: UNKNOWN dovecot-mailextragroups-unauth-access(41009)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10739
Source: UBUNTU Type: UNKNOWN USN-593-1
Source: FEDORA Type: UNKNOWN FEDORA-2008-2464
Source: FEDORA Type: UNKNOWN FEDORA-2008-2475
Source: SUSE Type: SUSE-SR:2008:020 SUSE Security Summary Report