Oracle Linux 5 : dovecot (ELSA-2009-0205)

The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-0205 advisory. - Resolves: 436287, CVE-2008-4870 - Resolves: 469015, CVE-2008-4577 Tenable has extracted the preceding description block directly from the Oracle Linu...

RedHat Security Advisory RHSA-2009:0205

The remote host is missing updates to Dovecot announced in advisory RHSA-2009:0205. A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. CVE-2008-4577 A password disclosu...

Dovecot: Multiple vulnerabilities

Background Dovecot is an IMAP and POP3 server written with security primarily in mind. Description Several vulnerabilities were found in Dovecot: The "k" right in the aclplugin does not work as expected CVE-2008-4577, CVE-2008-4578 The dovecot.conf is world-readable, providing improper protection...

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

Design/Logic Flaw

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux RHEL 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the sslkeypassword parameter value...