CVE-2009-3897 — MEDIUM (5.5)

Q: How severe is CVE-2009-3897?

CVE-2009-3897 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3897?

Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot.

Vulnerability Description

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dovecot	Dovecot	>= 1.2.0, < 1.2.8

Related Weaknesses (CWE)

CWE-732

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.htmlMailing List
http://marc.info/?l=oss-security&m=125871729029145&w=2Mailing ListPatch
http://marc.info/?l=oss-security&m=125881481222441&w=2Mailing List
http://marc.info/?l=oss-security&m=125900267208712&w=2Mailing ListPatch
http://marc.info/?l=oss-security&m=125900271508796&w=2Mailing List
http://secunia.com/advisories/37443Broken LinkVendor Advisory
http://www.dovecot.org/list/dovecot-news/2009-November/000143.htmlMailing ListPatchVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:306Not Applicable
http://www.osvdb.org/60316Broken Link
http://www.securityfocus.com/bid/37084Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2009/3306PatchPermissions RequiredVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54363Third Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.htmlMailing List
http://marc.info/?l=oss-security&m=125871729029145&w=2Mailing ListPatch
http://marc.info/?l=oss-security&m=125881481222441&w=2Mailing List

FAQ

What is CVE-2009-3897?

CVE-2009-3897 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, r...

How severe is CVE-2009-3897?

CVE-2009-3897 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3897?

Check the references section above for vendor advisories and patch information. Affected products include: Dovecot Dovecot.