// For flags

CVE-2008-1199

dovecot: insecure mail_extra_groups option

Severity Score

4.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Dovecot antes de 1.0.11, cuando se configura para utilizar mail_extra_groups para permitir a Dovecot crear dotlocks en /var/mail, podría permitir a usuarios locales leer archivos de mail sensibles para otros usuarios, o modificar archivos o directorios que sean escribibles por el grupo, a través de un ataque de enlaces simbólicos.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-06 CVE Reserved
  • 2008-03-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-16: Configuration
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
0.99.13
Search vendor "Dovecot" for product "Dovecot" and version "0.99.13"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
0.99.14
Search vendor "Dovecot" for product "Dovecot" and version "0.99.14"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0
Search vendor "Dovecot" for product "Dovecot" and version "1.0"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.2
Search vendor "Dovecot" for product "Dovecot" and version "1.0.2"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.3
Search vendor "Dovecot" for product "Dovecot" and version "1.0.3"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.4
Search vendor "Dovecot" for product "Dovecot" and version "1.0.4"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.5
Search vendor "Dovecot" for product "Dovecot" and version "1.0.5"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.6
Search vendor "Dovecot" for product "Dovecot" and version "1.0.6"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.7
Search vendor "Dovecot" for product "Dovecot" and version "1.0.7"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.8
Search vendor "Dovecot" for product "Dovecot" and version "1.0.8"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.9
Search vendor "Dovecot" for product "Dovecot" and version "1.0.9"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.10
Search vendor "Dovecot" for product "Dovecot" and version "1.0.10"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.beta2
Search vendor "Dovecot" for product "Dovecot" and version "1.0.beta2"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.beta3
Search vendor "Dovecot" for product "Dovecot" and version "1.0.beta3"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.beta7
Search vendor "Dovecot" for product "Dovecot" and version "1.0.beta7"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.beta8
Search vendor "Dovecot" for product "Dovecot" and version "1.0.beta8"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc1
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc1"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc2
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc2"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc3
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc3"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc4
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc4"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc5
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc5"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc6
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc6"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc7
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc7"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc8
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc8"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc9
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc9"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc10
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc10"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc11
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc11"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc12
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc12"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc13
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc13"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc14
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc14"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0.rc15
Search vendor "Dovecot" for product "Dovecot" and version "1.0.rc15"
-
Affected
Dovecot
Search vendor "Dovecot"
Dovecot
Search vendor "Dovecot" for product "Dovecot"
1.0_rc29
Search vendor "Dovecot" for product "Dovecot" and version "1.0_rc29"
-
Affected