Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2008-4870
Last Modified 21 Aug 2010 01:25:21
Published 31 Oct 2008 08:00:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4870

Summary

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

Vulnerable Systems

Application

  • Dovecot 1.0.7


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=436287

XF - dovecot-dovecot-information-disclosure(46323)

REDHAT - RHSA-2009:0205

MLIST - [oss-security] 20081029 CVE Request (dovecot)

GENTOO - GLSA-200812-16

SECUNIA - 33624

SECUNIA - 33149

SECUNIA - 32164

Related Patches

Red Hat 2009:0205-10 RHSA Low: dovecot security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:48:39