Local File Read Vulnerability in Dovecot by Dovecot AB
CVE-2016-4983

3.3LOW

Key Information:

Vendor: Fedora
Status: Dovecot22
Vendor: CVE Published:; 5 November 2019

🔔 Create Fedora Vulnerability Alert

What is CVE-2016-4983?

A vulnerability was discovered in the postinstall script of the Dovecot RPM package, which permits local users to gain unauthorized access to the contents of newly created SSL/TLS key files. This issue could potentially lead to sensitive data exposure and compromise the security of the affected environment, allowing attackers to exploit this weakness if they possess local user access.

Affected Version(s)

dovecot22 dovecot22-2.2.25-3.1

dovecot22 dovecot22-2.2.18-9.1

dovecot22 dovecot22-2.2.13-3.7.1

References

https://bugzilla.suse.com/show_bug.cgi?id=984639

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1346055

x_refsource_MISC

http://lists.opensuse.org/opensuse-updates/2016-11/msg000...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2019
Vulnerability Reserved
May 24, 2016

CVE-2016-4983 Data

.