First published: Thu Mar 06 2008(Updated: )
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dovecot Dovecot | =1.0.6 | |
Dovecot Dovecot | =1.0.beta2 | |
Dovecot Dovecot | =1.0.5 | |
Dovecot Dovecot | =1.0 | |
Dovecot Dovecot | =1.0.rc15 | |
Dovecot Dovecot | =1.0.rc12 | |
Dovecot Dovecot | =1.0.rc14 | |
Dovecot Dovecot | =1.0.2 | |
Dovecot Dovecot | =1.0.rc8 | |
Dovecot Dovecot | =1.0.rc2 | |
Dovecot Dovecot | =1.0.7 | |
Dovecot Dovecot | =0.99.14 | |
Dovecot Dovecot | =1.0.beta8 | |
Dovecot Dovecot | =1.0.beta3 | |
Dovecot Dovecot | =1.0.3 | |
Dovecot Dovecot | =1.0.rc9 | |
Dovecot Dovecot | =1.0.rc13 | |
Dovecot Dovecot | =1.0.8 | |
Dovecot Dovecot | =1.0.rc11 | |
Dovecot Dovecot | =1.0.4 | |
Dovecot Dovecot | =1.0.rc6 | |
Dovecot Dovecot | =1.0.rc3 | |
Dovecot Dovecot | =1.0.10 | |
Dovecot Dovecot | =1.0.9 | |
Dovecot Dovecot | =1.0.rc1 | |
Dovecot Dovecot | =0.99.13 | |
Dovecot Dovecot | =1.0.rc10 | |
Dovecot Dovecot | =1.0_rc29 | |
Dovecot Dovecot | =1.0.rc7 | |
Dovecot Dovecot | =1.0.rc5 | |
Dovecot Dovecot | =1.0.beta7 | |
Dovecot Dovecot | =1.0.rc4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.