oss-sec mailing list archives

Re: CVE Request (dovecot)

From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 4 Nov 2008 18:44:33 +0100

Hi,
* Josh Bressers <bressers () redhat com> [2008-10-29 19:55]:

I'm not sure if this is a Red Hat specific issue, but I figured I'd mention it here:
It seems dovecot can have an SSL key file password disclosure issue:
https://bugzilla.redhat.com/show_bug.cgi?id=436287

Basically, if your dovecot.conf file is world readable and you have your SSL key
password in it, anyone can see it.


Looks like this is CVE-2008-4870.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE Request (dovecot) Josh Bressers (Oct 29)
- Re: CVE Request (dovecot) Nico Golde (Nov 04)