VDB
CVE-2008-1199
CVE-2008-1199
PUBLISHED
CVSS 4.400000095367432 MEDIUM
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
EPSS 0.04% · 12.1th percentile
Risk Scores
CVSS 2.0
4.400000095367432
EPSS Score
0.04%
12.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dovecot | dovecot | 0.99.13, 1.0, 1.0.2 |
| n/a | n/a | n/a |
Timeline
- Mar 6, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- GLSA-200803-25 vendor-advisory
- oval:org.mitre.oval:def:10739 vdb
- [Dovecot-news] 20080504 v1.0.11 released mailing-list
- 29557 third-party-advisory
- 20080304 Dovecot mail_extra_groups setting is often used insecurely mailing-list
- 30342 third-party-advisory
- RHSA-2008:0297 vendor-advisory
- DSA-1516 vendor-advisory
- USN-593-1 vendor-advisory
- FEDORA-2008-2475 vendor-advisory
- SUSE-SR:2008:020 vendor-advisory
- 28092 vdb
- 29226 third-party-advisory
- 32151 third-party-advisory
- 29385 third-party-advisory
- dovecot-mailextragroups-unauth-access(41009) vdb
- FEDORA-2008-2464 vendor-advisory
- 29396 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-1199 advisory
- https://usn.ubuntu.com/593-1 url