From ea8549354e9442e5772a8d0b8d8abffd4d3ad619 Mon Sep 17 00:00:00 2001
From: Wesley Shields <wxs@FreeBSD.org>
Date: Thu, 10 Dec 2009 15:27:42 +0000
Subject: - Document dovecot insecure directory permissions

---
 security/vuxml/vuln.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9545f35a2c6d..5d3c0815793e 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -35,6 +35,36 @@ Note:  Please add new entries to the beginning of this file.
 -->
 
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="30211c45-e52a-11de-b5cd-00e0815b8da8">
+    <topic>dovecot -- Insecure directory permissions</topic>
+    <affects>
+      <package>
+	<name>dovecot</name>
+	<range><lt>1.2.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Dovecot author reports:</p>
+	<blockquote cite="http://www.dovecot.org/list/dovecot-news/2009-November/000143.html">
+	  <p>Dovecot v1.2.x had been creating base_dir (and its parents if
+	  necessary) with 0777 permissions. The base_dir's permissions get
+	  changed to 0755 automatically at startup, but you may need to
+	  chmod the parent directories manually.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2009-3897</cvename>
+      <bid>37084</bid>
+      <url>http://secunia.com/advisories/37443</url>
+    </references>
+    <dates>
+      <discovery>2009-11-20</discovery>
+      <entry>2009-12-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3c1a672e-e508-11de-9f4a-001b2134ef46">
     <topic>linux-flashplugin -- multiple vulnerabilities</topic>
     <affects>
-- 
cgit v1.2.3