Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4870 to the following vulnerability: dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. References: http://www.openwall.com/lists/oss-security/2008/10/29/10 https://bugzilla.redhat.com/show_bug.cgi?id=436287
This issue has been addressed in following products: Red Hat Linux Enterprise 5 Via RHSA-2009:0205 available at https://rhn.redhat.com/errata/RHSA-2009-0205.html