CVE-2008-1199

Published: 6 March 2008

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Priority

Status

Package	Release	Status
dovecot Launchpad, Ubuntu, Debian	dapper	Released (1.0.beta3-3ubuntu5.6)
	edgy	Released (1.0.rc2-1ubuntu2.3)
	feisty	Released (1.0.rc17-1ubuntu2.3)
	gutsy	Released (1:1.0.5-1ubuntu2.2)
	upstream	Released (1.0.11)

References

https://ubuntu.com/security/notices/USN-593-1
https://www.cve.org/CVERecord?id=CVE-2008-1199
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.