CVE-2008-1199
EPSS 0.04%dovecot - privilege escalation
Published: 3/6/2008Modified: 4/28/2026
Also known as:DEBIAN-CVE-2008-1199
Description
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Affected packages (2)
- Debian/dovecotfrom 0, < 1:1.0.12-1
- Debian/dovecotfrom 0, < 1.0.rc15-2etch4