CVE-2016-4983Incorrect Permission Assignment in Dovecot

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 65.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Fedora Dovecot22Opensuse LeapOpensuse+2 more
Timeline
PublishedNov 5
Latest updateMay 24

Description

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5fedora/dovecot22dovecot22-2.2.13-3.7.1, dovecot22-2.2.18-9.1, dovecot22-2.2.25-3.1+2
NVDopensuse/leap42.1, 42.2+1

Also affects: Enterprise Linux 4.0, 5.0, 6.0, 7.0

🔴Vulnerability Details

1
GHSA
GHSA-7cmr-c7xr-8xx6: A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files2022-05-24

📋Vendor Advisories

2
Red Hat
dovecot insecure SSL/TLS key and certificate file creation2016-06-13
Debian
CVE-2016-4983: dovecot - A postinstall script in the dovecot rpm allows local users to read the contents ...2016

💬Community

1
Bugzilla
CVE-2016-4983 dovecot insecure SSL/TLS key and certificate file creation2016-06-13
CVE-2016-4983 — Incorrect Permission Assignment | cvebase