Summary
This host has Dovecot installed and is prone to Security Bypass Vulnerability
Impact
Successful attack could allow malicious people to log in as another user, which may aid in further attacks.
Impact Level: System
Solution
Apply the patch or upgrade to Dovecot version 1.2.8 http://www.dovecot.org/download.html
Insight
This flaw is due to insecure permissions (0777) being set on the 'base_dir' directory and its parents, which could allow malicious users to replace auth sockets and log in as other users.
Affected
Dovecot versions 1.2 before 1.2.8
References
Severity
Classification
-
CVE CVE-2009-3897 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Apache Tomcat Multiple Vulnerabilities - 01 Mar14