20 Nov
2009
20 Nov
'09
4:06 p.m.
On November 19, 2009 7:45:05 PM -0500 Timo Sirainen tss@iki.fi wrote:
http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though.
Isn't it possible to login as a master user?
-frank