CVE-2009-3897

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-3897

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-3897.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-3897

Downstream

DEBIAN-CVE-2009-3897

Published

2009-11-24T17:30:00Z

Modified

2026-04-10T03:40:59.197636Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory itself.

References

http://secunia.com/advisories/37443
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306
http://www.securityfocus.com/bid/37084
http://www.vupen.com/english/advisories/2009/3306
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://marc.info/?l=oss-security&m=125871729029145&w=2
http://marc.info/?l=oss-security&m=125881481222441&w=2
http://marc.info/?l=oss-security&m=125900267208712&w=2
http://marc.info/?l=oss-security&m=125900271508796&w=2
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
http://marc.info/?l=oss-security&m=125871729029145&w=2
http://marc.info/?l=oss-security&m=125900267208712&w=2
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
http://www.securityfocus.com/bid/37084
http://www.vupen.com/english/advisories/2009/3306
http://www.vupen.com/english/advisories/2009/3306
http://www.osvdb.org/60316
http://www.securityfocus.com/bid/37084

CVE-2009-3897

Affected packages