Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD30211C45-E52A-11DE-B5CD-00E0815B8DA8
HistoryNov 20, 2009 - 12:00 a.m.

dovecot -- Insecure directory permissions

2009-11-2000:00:00
vuxml.freebsd.org
12

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON

Dovecot author reports:

Dovecot v1.2.x had been creating base_dir (and its parents if
necessary) with 0777 permissions. The base_dir’s permissions get
changed to 0755 automatically at startup, but you may need to
chmod the parent directories manually.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdovecot= 1.2.*UNKNOWN
FreeBSDanynoarchdovecot< 1.2.8UNKNOWN

Related

securityvulns 2
debiancve 1
openvas 6
prion 1
debian 2
nessus 5
ubuntucve 1
cvelist 1
cve 1
nvd 1
gentoo 1
securityvulns
securityvulns
Dovecot weak permissions
2009-12-01 00:00:00
[ MDVSA-2009:306 ] dovecot
2009-12-01 00:00:00
debiancve
debiancve
CVE-2009-3897
2009-11-24 17:30:00
openvas
openvas
FreeBSD Ports: dovecot
2009-12-14 00:00:00
Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
2009-12-02 00:00:00
FreeBSD Ports: dovecot
2009-12-14 00:00:00
prion
prion
Directory traversal
2009-11-24 17:30:00
debian
debian
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:03:17
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:11:31
nessus
nessus
openSUSE Security Update : dovecot12 (dovecot12-1811)
2010-01-19 00:00:00
FreeBSD : dovecot -- Insecure directory permissions (30211c45-e52a-11de-b5cd-00e0815b8da8)
2009-12-11 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2009:306)
2010-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2009-3897
2009-11-24 00:00:00
cvelist
cvelist
CVE-2009-3897
2009-11-24 17:00:00
cve
cve
CVE-2009-3897
2009-11-24 17:30:00
nvd
nvd
CVE-2009-3897
2009-11-24 17:30:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON
Related for 30211C45-E52A-11DE-B5CD-00E0815B8DA8
securityvulns2debiancve1openvas6prion1debian2nessus5ubuntucve1cvelist1cve1nvd1gentoo1