- Home
- CVEs with nessus.description==It was discovered that the default configuration of dovecot could allow access to any email files with group 'mail' without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. (CVE-2008-1199)
By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems. (CVE-2008-1218).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top