[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: v1.2.8 released to fix the 0777
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-11-23 18:57:27
Message-ID: 788268192.590651259002647709.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2009-3897 for this.
Thanks.
--
JB
----- "Thomas Biege" <thomas@suse.de> wrote:
> Hello.
>
> http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
>
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
>
> This is mainly to fix the 0777 base_dir creation issue, which could
> be
> considered a security hole, exploitable by local users. An attacker
> could for example replace Dovecot's auth socket and log in as other
> users. Gaining root privileges isn't possible though.
>
> This affects only v1.2 users, v1.1 and older versions were creating
> the
> directory with 0755 permission.
>
> If your Dovecot's base_dir isn't in /var/run/dovecot/, you should
> also
> make sure that the $prefix/var/ and $prefix/var/run/
> (i.e. /usr/local/var/, /usr/local/var/run/ by default) aren't 0777.
>
> * Dovecot v1.2.x had been creating base_dir (and its parents if
> necessary) with 0777 permissions. The base_dir's permissions get
> changed to 0755 automatically at startup, but you may need to
> chmod the parent directories manually.
>
> - acl: If user has rights from more than one group, merge them
> instead
> of choosing one group's rights and ignoring others.
> - virtual: When using a lot of mailboxes, the virtual mailbox's
> header
> could have grown over 32 kB and caused "out of memory" crashes.
> Also
> over 64 kB headers couldn't even be updated with existing
> transaction
> log records. Added a new record type that gets used with >=64 kB
> headers. Older Dovecot versions don't understand this header and
> will log errors if they see it.
> - FETCH BODYSTRUCTURE didn't return RFC 2231 "key*" fields correctly
>
>
> --
> Bye,
> Thomas
> --
> Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support &
> Auditing
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
> --
> Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
> -- Marie von Ebner-Eschenbach
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic