CVE-2009-3897 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3897 Interim 1 6 2024-09-12T02:42:25Z current 2021-05-30T12:49:05Z 2024-09-12T02:42:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3897 Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SOI52VR6A5ORCLDU624EY4IWHP3WRQWC/#SOI52VR6A5ORCLDU624EY4IWHP3WRQWC E-Mail link for SUSE-SR:2010:001 https://www.suse.com/support/security/rating/ SUSE Security Ratings Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. CVE-2009-3897 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N