[Secure-testing-team] Bug#557601: v1.2.8 fixes a security problem in v1.2 releases.
Soeren Sonnenburg
sonne at debian.org
Mon Nov 23 06:24:26 UTC 2009
Package: dovecot
Severity: critical
Tags: security
from http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
This is mainly to fix the 0777 base_dir creation issue, which could be
considered a security hole, exploitable by local users. An attacker
could for example replace Dovecot's auth socket and log in as other
users. Gaining root privileges isn't possible though.
This affects only v1.2 users, v1.1 and older versions were creating the
directory with 0755 permission.
-- System Information:
Debian Release: squeeze/sid
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-rc8-sonne (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list