Vulnerability Name: | CCN-5526 | ||||||
Published: | 2000-11-01 | ||||||
Updated: | 2000-11-01 | ||||||
Summary: | Many Unix and Linux could allow an attacker to view another user's email messages and possibly gain root privileges. An attacker can send an email message with a specially-crafted string, containing pipe character in the Reply-To: field. If the recipient uses the mail program to reply to the malicious email message, the attacker can gain the privileges of the recipient (possibly root). | ||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
CVSS v2 Severity: | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||
Vulnerability Consequences: | Gain Privileges | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Nov 01 2000 - 12:57:10 CST vulnerability in mail.local Source: CCN Type: BugTraq Mailing List, Wed Nov 01 2000 - 22:13:13 CST Re: vulnerability in mail.local Source: CCN Type: BugTraq Mailing List, Sun Nov 05 2000 - 15:56:17 CST mail Reply-To field exploit Source: XF Type: UNKNOWN mail-replyto-gain-root(5526) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |