Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue

[Josh Bressers <bressers () redhat com>]

Please use CVE-2009-3897 for this.

Thanks.

-- 
    JB


----- "Thomas Biege" <thomas () suse de> wrote:

> Hello.
>
> http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
>
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
> http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig
>
> This is mainly to fix the 0777 base_dir creation issue, which could
> be
> considered a security hole, exploitable by local users. An attacker
> could for example replace Dovecot's auth socket and log in as other
> users. Gaining root privileges isn't possible though.
>
> This affects only v1.2 users, v1.1 and older versions were creating
> the
> directory with 0755 permission.
>
> If your Dovecot's base_dir isn't in /var/run/dovecot/, you should
> also
> make sure that the $prefix/var/ and $prefix/var/run/
> (i.e. /usr/local/var/, /usr/local/var/run/ by default) aren't 0777.
>
>       * Dovecot v1.2.x had been creating base_dir (and its parents if
>         necessary) with 0777 permissions. The base_dir's permissions get
>         changed to 0755 automatically at startup, but you may need to
>         chmod the parent directories manually.
>
>       - acl: If user has rights from more than one group, merge them
> instead
>         of choosing one group's rights and ignoring others.
>       - virtual: When using a lot of mailboxes, the virtual mailbox's
> header
>         could have grown over 32 kB and caused "out of memory" crashes.
> Also
>         over 64 kB headers couldn't even be updated with existing
> transaction
>         log records. Added a new record type that gets used with >=64 kB
>         headers. Older Dovecot versions don't understand this header and
>         will log errors if they see it.
>       - FETCH BODYSTRUCTURE didn't return RFC 2231 "key*" fields correctly
>
>
> -- 
> Bye,
>      Thomas
> -- 
>  Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support &
> Auditing
>  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
> -- 
>   Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
>                             -- Marie von Ebner-Eschenbach