Configuration
CVE-2008-1199
Summary
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
- MEDIUM
- LOCAL
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
CWE-16 - Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
References
Advisory Timeline
- Published