VYPR
Medium severity5.5NVD Advisory· Published Nov 24, 2009· Updated Jun 16, 2026

CVE-2009-3897

CVE-2009-3897

Description

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*range: >=1.2.0,<1.2.8
    • (no CPE)range: <1.2.8

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.