fkie_nvd - fkie_cve-2004-0881

fkie_cve-2004-0881

Vulnerability from fkie_nvd

Published

2005-01-27 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.

References

▼	URL	Tags
	cve@mitre.org	http://marc.info/?l=bugtraq&m=109571883130372&w=2
	cve@mitre.org	http://security.gentoo.org/glsa/glsa-200409-32.xml
	cve@mitre.org	http://www.debian.org/security/2004/dsa-553
	cve@mitre.org	http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17439
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109571883130372&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200409-32.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-553
	af854a3a-2127-422b-91ae-364da2661108	http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17439

Impacted products

Vendor	Product	Version
getmail	getmail	2.3.7
getmail	getmail	3.x
getmail	getmail	4.0
getmail	getmail	4.0.0_b10
getmail	getmail	4.0.1
getmail	getmail	4.0.2
getmail	getmail	4.0.3
getmail	getmail	4.0.4
getmail	getmail	4.0.5
getmail	getmail	4.0.6
getmail	getmail	4.0.7
getmail	getmail	4.0.8
getmail	getmail	4.0.9
getmail	getmail	4.0.10
getmail	getmail	4.0.11
getmail	getmail	4.0.12
getmail	getmail	4.0.13
getmail	getmail	4.1
getmail	getmail	4.1.1
getmail	getmail	4.1.2
getmail	getmail	4.1.3
getmail	getmail	4.1.4
getmail	getmail	4.1.5
gentoo	linux	1.4
slackware	slackware_linux	9.1
slackware	slackware_linux	10.0
slackware	slackware_linux	current

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
    }
  ],
  "id": "CVE-2004-0881",
  "lastModified": "2024-11-20T23:49:35.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-27T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-553"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0881

Vulnerability from cvelistv5

Published

2004-09-24 04:00