Lucene search

[email protected]CVE-2008-4870

HistoryNov 01, 2008 - 12:00 a.m.

CVE-2008-4870

2008-11-0100:00:00

CWE-732

[email protected]

web.nvd.nist.gov

cve-2008-4870

dovecot

red hat enterprise linux

rhel 5

fedora

nvd

information security

vulnerability

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

CPENameOperatorVersion
dovecot:dovecotdovecoteq1.0.7

CPE	Name	Operator	Version
dovecot:dovecot	dovecot	eq	1.0.7

References

secunia.com/advisories/32164

secunia.com/advisories/33149

secunia.com/advisories/33624

security.gentoo.org/glsa/glsa-200812-16.xml

www.openwall.com/lists/oss-security/2008/10/29/10

www.redhat.com/support/errata/RHSA-2009-0205.html

bugzilla.redhat.com/show_bug.cgi?id=436287

exchange.xforce.ibmcloud.com/vulnerabilities/46323

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2008-4870

prion1 ubuntucve1 veracode1 debiancve1 openvas10 nessus4 oraclelinux1 redhat1 gentoo1