Community Forums
Connect with us on LinkedIn
Community Notice
Dovecot v1.2 security alert
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 11-22-2009 11:18 AM #1
    Spiral
    Spiral is offline
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025
    Send a message via AIM to Spiral

    Lightbulb Dovecot v1.2 security alert

    New advisory on Dovecot if it's relevant to anyone ...

    Dovecot Insecure Directory Permissions Security Issue - Secunia Advisories - Vulnerability Information - Secunia.com
    Reply With Quote Reply With Quote
  2. 11-23-2009 03:55 PM #2
    BianchiDude
    BianchiDude is offline
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jul 2005
    Posts
    598

    Default

    Can anyone confirm or gainsay if this affects the dovecot version 1.1.19 that cpanel uses?

    And if so when will a fix be available?

    I ran upcp just now and still have version 1.1.19

    TIA
    Reply With Quote Reply With Quote
  3. 11-24-2009 12:25 AM #3
    cPanelDon
    cPanelDon is offline
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,554
    cPanel/Enkompass Access Level

    DataCenter Provider
    Send a message via ICQ to cPanelDon Send a message via AIM to cPanelDon Send a message via MSN to cPanelDon Send a message via Yahoo to cPanelDon Send a message via Skype™ to cPanelDon

    Lightbulb

    According to both the vendor and the third-party "secunia" link the issue only affects Dovecot releases in the version 1.2 series that were released prior to version 1.2.8; this does not affect the Dovecot version 1.1 series used by cPanel.

    Reference: [Dovecot-news] v1.2.8 released
    This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though.

    This affects only v1.2 users, v1.1 and older versions were creating the directory with 0755 permission.
    cPResources: Submit a Support Request - Submit a Bug Report - Review existing Tickets-- Donald cPanelDon Holl - Analyst, cPanel Quality Assurance
    Reply With Quote Reply With Quote
«   My server has been hacked again. Please Help me! | Server compromised, concerns... »     
Similar Threads & Tags
Similar threads

  1. Security Alert!
    By sexy_guy in forum cPanel and WHM Discussions
    Replies: 64
    Last Post: 05-26-2006, 05:28 AM
  2. Security Alert
    By devellion in forum cPanel and WHM Discussions
    Replies: 5
    Last Post: 04-04-2006, 04:26 AM
  3. Security Alert
    By engrkhalid in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 03-24-2004, 02:36 AM
  4. Should I be Security Alert?
    By Doctor in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 12-11-2003, 04:56 AM
  5. security alert in log
    By shann in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 06-20-2003, 03:40 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube