6 matches found
Oracle Linux 5 : dovecot (ELSA-2009-0205)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-0205 advisory. - Resolves: 436287, CVE-2008-4870 - Resolves: 469015, CVE-2008-4577 Tenable has extracted the preceding description block directly from the Oracle Linu...
dovecot security and bug fix update
1.0.7-7 - permissions of deliver and dovecot.conf from 1.0.7-5 reverted - password can be stored in different file readable only for root now - Resolves: 436287, CVE-2008-4870 1.0.7-6 - added missing directory in file list - Resolves: 436287 1.0.7-5 - change permissions of deliver and dovecot.con...
Gentoo Security Advisory GLSA 200812-16 (dovecot)
The remote host is missing updates announced in advisory GLSA 200812-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...
CVE-2008-4870
CVE-2008-4870 is confirmed in Dovecot 1.0.7 on Red Hat Enterprise Linux 5 (and possibly Fedora). The issue arises from world-readable dovecot.conf permissions, allowing local users to read the ssl_key_password. Affected advisories include MiracleLinux AXSA-2009-18:01 and Oracle Linux ELSA-2009-02...
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...