FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- Insecure directory permissions

Affected packages
1.2.* <= dovecot < 1.2.8


VuXML ID 30211c45-e52a-11de-b5cd-00e0815b8da8
Discovery 2009-11-20
Entry 2009-12-10

Dovecot author reports:

Dovecot v1.2.x had been creating base_dir (and its parents if necessary) with 0777 permissions. The base_dir's permissions get changed to 0755 automatically at startup, but you may need to chmod the parent directories manually.


Bugtraq ID 37084
CVE Name CVE-2009-3897