openSUSE Security Update : dovecot12 (dovecot12-1811)
Medium Nessus Plugin ID 44053
SynopsisThe remote openSUSE host is missing a security update.
DescriptionDovecot created the configured 'base_dir' (/var/run/dovecot) with mode 0777 if it didn't exist, therefore allowing local users to mess with e.g. the authentication socket (CVE-2009-3897).
Note that /var/run/dovecot is part of the dovecot rpm with proper permission settings. Therefor dovecot is not vulnerable in the default configuration as shipped on openSUSE.
SolutionUpdate the affected dovecot12 packages.