Vulnerability Name: | CVE-2008-4870 (CCN-46323)
Assigned: | 2008-03-06
Published: | 2008-03-06
Updated: | 2022-02-03
Summary: | dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.5 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:UR)
1.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:UR)
Vulnerability Type: | CWE-732
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2008-4870
Source: CCN Type: RHSA-2009-0205 Low: dovecot security and bug fix update
Source: CCN Type: SA32164 Dovecot ACL Plugin Security Bypass Security Issues
Source: SECUNIA Type: Broken Link 32164
Source: SECUNIA Type: Broken Link 33149
Source: SECUNIA Type: Broken Link 33624
Source: GENTOO Type: Third Party Advisory GLSA-200812-16
Source: CCN Type: Dovecot Download Web site Download
Source: CCN Type: GLSA-200812-16 Dovecot: Multiple vulnerabilities
Source: CCN Type: oss-security Mailing List, Wed, 29 Oct 2008 14:30:36 -0400 (EDT) CVE Request (dovecot)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20081029 CVE Request (dovecot)
Source: REDHAT Type: Third Party Advisory RHSA-2009:0205
Source: CCN Type: Red Hat Bugzilla Bug 436287 dovecot.conf is world readable - possible password exposure
Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=436287
Source: XF Type: Third Party Advisory, VDB Entry dovecot-dovecot-information-disclosure(46323)
Source: XF Type: UNKNOWN dovecot-dovecot-information-disclosure(46323)
Source: OVAL Type: Tool Signature oval:org.mitre.oval:def:10776
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration CCN 1: Denotes that component is vulnerable