FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- Insecure directory permissions

Affected packages
1.2.* <= dovecot < 1.2.8

Details

VuXML ID 30211c45-e52a-11de-b5cd-00e0815b8da8
Discovery 2009-11-20
Entry 2009-12-10

Dovecot author reports:

Dovecot v1.2.x had been creating base_dir (and its parents if necessary) with 0777 permissions. The base_dir's permissions get changed to 0755 automatically at startup, but you may need to chmod the parent directories manually.

References

Bugtraq ID 37084
CVE Name CVE-2009-3897
URL http://secunia.com/advisories/37443