CVE-2008-4870

EUVD-2008-4849
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
dovecotdovecot
1.0.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
not-affected
karmic
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/32164
http://secunia.com/advisories/33149
http://secunia.com/advisories/33624
http://security.gentoo.org/glsa/glsa-200812-16.xml
http://www.openwall.com/lists/oss-security/2008/10/29/10
http://www.redhat.com/support/errata/RHSA-2009-0205.html
https://bugzilla.redhat.com/show_bug.cgi?id=436287
https://exchange.xforce.ibmcloud.com/vulnerabilities/46323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776
http://secunia.com/advisories/32164
http://secunia.com/advisories/33149
http://secunia.com/advisories/33624
http://security.gentoo.org/glsa/glsa-200812-16.xml
http://www.openwall.com/lists/oss-security/2008/10/29/10
http://www.redhat.com/support/errata/RHSA-2009-0205.html
https://bugzilla.redhat.com/show_bug.cgi?id=436287
https://exchange.xforce.ibmcloud.com/vulnerabilities/46323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776