fkie_cve-2008-1199
Vulnerability from fkie_nvd
Published
2008-03-06 21:44
Modified
2025-04-09 00:30
Severity ?
Summary
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dovecot | dovecot | 0.99.13 | |
| dovecot | dovecot | 0.99.14 | |
| dovecot | dovecot | 1.0 | |
| dovecot | dovecot | 1.0.2 | |
| dovecot | dovecot | 1.0.3 | |
| dovecot | dovecot | 1.0.4 | |
| dovecot | dovecot | 1.0.5 | |
| dovecot | dovecot | 1.0.6 | |
| dovecot | dovecot | 1.0.7 | |
| dovecot | dovecot | 1.0.8 | |
| dovecot | dovecot | 1.0.9 | |
| dovecot | dovecot | 1.0.10 | |
| dovecot | dovecot | 1.0.beta2 | |
| dovecot | dovecot | 1.0.beta3 | |
| dovecot | dovecot | 1.0.beta7 | |
| dovecot | dovecot | 1.0.beta8 | |
| dovecot | dovecot | 1.0.rc1 | |
| dovecot | dovecot | 1.0.rc2 | |
| dovecot | dovecot | 1.0.rc3 | |
| dovecot | dovecot | 1.0.rc4 | |
| dovecot | dovecot | 1.0.rc5 | |
| dovecot | dovecot | 1.0.rc6 | |
| dovecot | dovecot | 1.0.rc7 | |
| dovecot | dovecot | 1.0.rc8 | |
| dovecot | dovecot | 1.0.rc9 | |
| dovecot | dovecot | 1.0.rc10 | |
| dovecot | dovecot | 1.0.rc11 | |
| dovecot | dovecot | 1.0.rc12 | |
| dovecot | dovecot | 1.0.rc13 | |
| dovecot | dovecot | 1.0.rc14 | |
| dovecot | dovecot | 1.0.rc15 | |
| dovecot | dovecot | 1.0_rc29 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D0616CCF-D278-4B6D-A58B-393BCA128CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:0.99.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C7BE64-7C1E-4043-A1C5-D0A7377C01A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4240BD98-3C31-42CE-AF8F-045DD4BFC084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C05ACA0-ED87-4DDF-94B6-8D25BE1790F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8C0C4A-F9DB-4BB7-BFC5-BEC22C3FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E00B56-A1E5-4261-8349-37654AA9FB64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E66427AA-A9D4-413F-8354-EA61407307C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D74BE6C7-114D-4885-8472-FFE71C817B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4A349510-4D00-4978-93D9-3F9F5E0CD8DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B65B9EFD-1531-463C-992E-F0F16AABF9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "34BA7146-5793-44F4-9569-9D868FE6E325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B5078363-6B42-491B-A219-F8D8A86132BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D680474-C329-4DD0-B4EA-2406E27EC474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "165A0D0B-C6B0-431F-BF36-223A27CD6A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "99268D48-CF82-450B-A033-D87AF4109531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E09737-8107-45C0-BFF1-FB4CF81564CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "91E74D81-DF10-423A-8549-3BB5ED02B5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "07D6853E-7E81-443D-8806-C8469217F55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BE4B6A-47A2-457B-B6B8-8FE5C2026A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "7382F655-9B27-443D-9397-346FBEADEFDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F180045-A0DA-40A3-AD3E-F3402FB6456A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A2FFE7-D008-47B4-80E7-AEC176918E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C840337-7B31-476B-BBCD-65F4899925E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "545EF2F5-9BAE-4612-9958-70A5413818A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*",
"matchCriteriaId": "E80096F8-46D9-42E3-8CDB-99ADA2CBD970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E504866-3429-4A4C-8278-5C2753D356C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*",
"matchCriteriaId": "30857130-636F-4719-9F1E-8F6369F40DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*",
"matchCriteriaId": "9843D7CE-4723-4200-AFD4-5B31545A287E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*",
"matchCriteriaId": "54AF1D92-D89B-4DE4-9D47-72466873A4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*",
"matchCriteriaId": "64A8FCA5-1666-48F7-9689-37D9315813F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D517F3-F0A8-4362-89B9-0ED63515283F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.0_rc29:*:*:*:*:*:*:*",
"matchCriteriaId": "3AAE9E7C-49CC-48C3-B47C-CDC5802356A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack."
},
{
"lang": "es",
"value": "Dovecot antes de 1.0.11, cuando se configura para utilizar mail_extra_groups para permitir a Dovecot crear dotlocks en /var/mail, podr\u00eda permitir a usuarios locales leer archivos de mail sensibles para otros usuarios, o modificar archivos o directorios que sean escribibles por el grupo, a trav\u00e9s de un ataque de enlaces simb\u00f3licos."
}
],
"id": "CVE-2008-1199",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-06T21:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29226"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29385"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29396"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29557"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30342"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32151"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200803-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1516"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.dovecot.org/list/dovecot-news/2008-March/000061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489133/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28092"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41009"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10739"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/593-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200803-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.dovecot.org/list/dovecot-news/2008-March/000061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489133/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/593-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1199\n\nThis issue does not affect the default configuration of Dovecot as shipped in Red Hat Enterprise Linux.\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. \n\nAn update to Red Hat Enterprise Linux 5 was released to correct this issue:\nhttps://rhn.redhat.com/errata/RHSA-2008-0297.html\n",
"lastModified": "2008-05-21T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
},
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…