[Dovecot] v1.2.8 released

Timo Sirainen tss at iki.fi
Fri Nov 20 16:14:22 EET 2009


On Nov 20, 2009, at 9:06 AM, Frank Cusack wrote:

> On November 19, 2009 7:45:05 PM -0500 Timo Sirainen <tss at iki.fi> wrote:
>> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
>> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
>> 
>> This is mainly to fix the 0777 base_dir creation issue, which could be
>> considered a security hole, exploitable by local users. An attacker
>> could for example replace Dovecot's auth socket and log in as other
>> users. Gaining root privileges isn't possible though.
> 
> Isn't it possible to login as a master user?

"Master user" simply means ability to log in as another user with your own password. There's no way to log in as root.
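A defensive check for the permission problem described in the quoted announcement, as an added example that is not part of the original message or of Dovecot's code: it reports every directory under a runtime directory that all local users can write to, and lists the entries (sockets included) that they could unlink or replace there. The function names, the temporary sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_runtime_dir(base):
    """Return (directory, octal mode, exposed entries) for each directory
    under `base` that users outside the owner and group can write to."""
    findings = []
    for root, dirs, files in os.walk(base):
        st = os.lstat(root)
        if not st.st_mode & stat.S_IWOTH:
            continue
        sticky = bool(st.st_mode & stat.S_ISVTX)
        # Without the sticky bit, any local user may unlink or rename
        # entries here, including sockets owned by another account.
        # os.walk() reports sockets in `files`, so they are covered.
        exposed = [] if sticky else sorted(dirs + files)
        findings.append((root, oct(stat.S_IMODE(st.st_mode)), exposed))
    return findings


def build_sample_tree(mode):
    """Create a constructed directory tree whose top level has `mode`."""
    base = tempfile.mkdtemp(prefix="base_dir_demo_")
    os.mkdir(os.path.join(base, "private"), 0o750)
    # A plain file stands in for a socket; the check treats both alike.
    open(os.path.join(base, "example.sock"), "w").close()
    os.chmod(base, mode)  # chmod is not affected by the process umask
    return base


if __name__ == "__main__":
    for mode in (0o777, 0o1777, 0o755):
        tree = build_sample_tree(mode)
        print(oct(mode), audit_runtime_dir(tree))
```

Run `audit_runtime_dir()` against the configured `base_dir` on a host; an empty list means no directory in the tree is writable by other local users.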


