VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 6, 2008· Updated Apr 23, 2026

CVE-2008-1199

CVE-2008-1199

Description

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Affected products

32
  • Dovecot (software)/Dovecot32 versions
    cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:*+ 31 more
    • cpe:2.3:a:dovecot:dovecot:0.99.13:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:0.99.14:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0_rc29:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*
    • cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.