dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-10-31T22:00:00
Updated: 2024-08-07T10:31:27.923Z
Reserved: 2008-10-31T00:00:00
Link: CVE-2008-4870
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2008-11-01T00:00:01.273
Modified: 2022-02-03T19:58:59.337
Link: CVE-2008-4870
Redhat