Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-3897
HistoryNov 24, 2009 - 12:00 a.m.

CVE-2009-3897

2009-11-2400:00:00
ubuntu.com
ubuntu.com
12

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain
directories at installation time, which allows local users to access
arbitrary user accounts by replacing the auth socket, related to the parent
directories of the base_dir directory, and possibly the base_dir directory
itself.

Bugs

Notes

Author Note
mdeslaur only affects 1.2.x

Related

securityvulns 2
debiancve 1
freebsd 1
openvas 6
prion 1
debian 2
nessus 5
cvelist 1
cve 1
nvd 1
gentoo 1
securityvulns
securityvulns
Dovecot weak permissions
2009-12-01 00:00:00
[ MDVSA-2009:306 ] dovecot
2009-12-01 00:00:00
debiancve
debiancve
CVE-2009-3897
2009-11-24 17:30:00
freebsd
freebsd
dovecot -- Insecure directory permissions
2009-11-20 00:00:00
openvas
openvas
FreeBSD Ports: dovecot
2009-12-14 00:00:00
Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
2009-12-02 00:00:00
FreeBSD Ports: dovecot
2009-12-14 00:00:00
prion
prion
Directory traversal
2009-11-24 17:30:00
debian
debian
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:03:17
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:11:31
nessus
nessus
openSUSE Security Update : dovecot12 (dovecot12-1811)
2010-01-19 00:00:00
FreeBSD : dovecot -- Insecure directory permissions (30211c45-e52a-11de-b5cd-00e0815b8da8)
2009-12-11 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2009:306)
2010-07-30 00:00:00
cvelist
cvelist
CVE-2009-3897
2009-11-24 17:00:00
cve
cve
CVE-2009-3897
2009-11-24 17:30:00
nvd
nvd
CVE-2009-3897
2009-11-24 17:30:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

JSON
Related for UB:CVE-2009-3897
securityvulns2debiancve1freebsd1openvas6prion1debian2nessus5cvelist1cve1nvd1gentoo1