oss-sec mailing list archives
Re: CVE Request (dovecot)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 4 Nov 2008 18:44:33 +0100
Hi, * Josh Bressers <bressers () redhat com> [2008-10-29 19:55]:
I'm not sure if this is a Red Hat specific issue, but I figured I'd mention it here: It seems dovecot can have an SSL key file password disclosure issue: https://bugzilla.redhat.com/show_bug.cgi?id=436287 Basically, if your dovecot.conf file is world readable and you have your SSL key password in it, anyone can see it.
Looks like this is CVE-2008-4870. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE Request (dovecot) Josh Bressers (Oct 29)
- Re: CVE Request (dovecot) Nico Golde (Nov 04)