CVE-2008-1199

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 1.0.11

Description The issue allows local users to potentially read sensitive mail files for other users or modify files and directories that are writable by group. This is possible via a symlink attack when Dovecot is configured to use mail extra groups for creating dotlocks in /var/mail.

Recommendations For versions prior to 1.0.11, update to version 1.0.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of mail extra groups to minimize the risk of exploitation.