Executive Summary

Informations
NameCVE-2008-1199First vendor Publication2008-03-06
VendorCveLast vendor Modification2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score4.4Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score3.4AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199

CWE : Common Weakness Enumeration

idName
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10739
 
Oval ID: oval:org.mitre.oval:def:10739
Title: Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Description: Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1199
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application32

Open Source Vulnerability Database (OSVDB)

idDescription
43137Dovecot mail_extra_groups Symlink File Manipulation

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/28092
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/489133/100/0/threaded
DEBIANhttp://www.debian.org/security/2008/dsa-1516
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html
GENTOOhttp://security.gentoo.org/glsa/glsa-200803-25.xml
MLISThttp://www.dovecot.org/list/dovecot-news/2008-March/000061.html
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0297.html
SECUNIAhttp://secunia.com/advisories/29226
http://secunia.com/advisories/29385
http://secunia.com/advisories/29396
http://secunia.com/advisories/29557
http://secunia.com/advisories/30342
http://secunia.com/advisories/32151
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
UBUNTUhttp://www.ubuntulinux.org/support/documentation/usn/usn-593-1
XFhttp://xforce.iss.net/xforce/xfdb/41009

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 00:11:59
  • Multiple Updates