CVE-2009-3897

Name of the Vulnerable Software and Affected Versions Dovecot versions 1.2.x through 1.2.7

Description The issue allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base dir directory, and possibly the base dir directory itself. This is due to Dovecot setting 0777 permissions during the creation of certain directories at installation time.

Recommendations For Dovecot versions 1.2.x through 1.2.7, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected directories to minimize the risk of exploitation.