DEBIAN-CVE-2009-3897
- Source
- https://security-tracker.debian.org/tracker/CVE-2009-3897
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-3897.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2009-3897
- Upstream
- Published
- 2009-11-24T17:30:00.407Z
- Modified
- 2025-11-19T01:08:49.120063Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory itself.
- References
Affected packages
Debian:11 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Debian:12 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Debian:13 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source
Debian:14 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:deb/debian/dovecot?arch=source