Package: dovecot Severity: critical Tags: security from http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though. This affects only v1.2 users, v1.1 and older versions were creating the directory with 0755 permission. -- System Information: Debian Release: squeeze/sid APT prefers stable APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-rc8-sonne (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
