[Dovecot] v1.2.8 released
Frank Cusack
fcusack at fcusack.com
Fri Nov 20 16:06:39 EET 2009
On November 19, 2009 7:45:05 PM -0500 Timo Sirainen <tss at iki.fi> wrote:
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
>
> This is mainly to fix the 0777 base_dir creation issue, which could be
> considered a security hole, exploitable by local users. An attacker
> could for example replace Dovecot's auth socket and log in as other
> users. Gaining root privileges isn't possible though.
Isn't it possible to login as a master user?
-frank
More information about the dovecot
mailing list