CVE-2008-1199

Severity: Unknown, EPSS 0.34%

Last modified

CVE-2008-1199 is a vulnerability of currently unknown severity. Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Metrics

EPSS Probability
0.34%

26.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product  Version
Dovecot  Dovecot  0.99.13
Dovecot  Dovecot  0.99.14
Dovecot  Dovecot  1.0
Dovecot  Dovecot  1.0.2
Dovecot  Dovecot  1.0.3
Dovecot  Dovecot  1.0.4
Dovecot  Dovecot  1.0.5
Dovecot  Dovecot  1.0.6
Dovecot  Dovecot  1.0.7
Dovecot  Dovecot  1.0.8
Dovecot  Dovecot  1.0.9
Dovecot  Dovecot  1.0.10
Dovecot  Dovecot  1.0.beta2
Dovecot  Dovecot  1.0.beta3
Dovecot  Dovecot  1.0.beta7
Dovecot  Dovecot  1.0.beta8
Dovecot  Dovecot  1.0.rc1
Dovecot  Dovecot  1.0.rc2
Dovecot  Dovecot  1.0.rc3
Dovecot  Dovecot  1.0.rc4
Dovecot  Dovecot  1.0.rc5
Dovecot  Dovecot  1.0.rc6
Dovecot  Dovecot  1.0.rc7
Dovecot  Dovecot  1.0.rc8
Dovecot  Dovecot  1.0.rc9
Dovecot  Dovecot  1.0.rc10
Dovecot  Dovecot  1.0.rc11
Dovecot  Dovecot  1.0.rc12
Dovecot  Dovecot  1.0.rc13
Dovecot  Dovecot  1.0.rc14
Dovecot  Dovecot  1.0.rc15
Dovecot  Dovecot  1.0_rc29

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-1199?
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
How severe is CVE-2008-1199?
Severity scoring for CVE-2008-1199 is pending analysis. The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1199?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST