[Dovecot] v1.2.8 released

Frank Cusack fcusack at fcusack.com
Fri Nov 20 16:06:39 EET 2009


On November 19, 2009 7:45:05 PM -0500 Timo Sirainen <tss at iki.fi> wrote:
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
>
> This is mainly to fix the 0777 base_dir creation issue, which could be
> considered a security hole, exploitable by local users. An attacker
> could for example replace Dovecot's auth socket and log in as other
> users. Gaining root privileges isn't possible though.

Isn't it possible to login as a master user?

-frank


More information about the dovecot mailing list