Vulnerability Name: | CVE-2004-0880 (CCN-17437) |
Assigned: | 2004-09-19 |
Published: | 2004-09-19 |
Updated: | 2017-07-11 |
Summary: | getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
|
CVSS v3 Severity: | 2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) |
Exploitability Metrics: | Attack Vector (AV): Local; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): High; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
| 1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): High; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Privileges |
References: | Source: CCN Type: Full-Disclosure Mailing List, Sun Sep 19 2004 - 09:32:38 CDT Local root compromise possible with getmail
Source: MITRE Type: CNA CVE-2004-0880
Source: BUGTRAQ Type: UNKNOWN 20040919 Local root compromise possible with getmail
Source: CCN Type: getmail Web page Charles Cazabon's Software
Source: CCN Type: getmail documentation Web page getmail documentation
Source: GENTOO Type: UNKNOWN GLSA-200409-32
Source: DEBIAN Type: UNKNOWN DSA-553
Source: DEBIAN Type: DSA-553 getmail -- symlink vulnerability
Source: CCN Type: GLSA-200409-32 getmail: Filesystem overwrite vulnerability
Source: CCN Type: OSVDB ID: 10072 getmail /tmp Symlink Local Privilege Escalation
Source: CONFIRM Type: UNKNOWN http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
Source: CCN Type: BID-11224 Getmail Local Symbolic Link Vulnerability
Source: CCN Type: Slackware Security Advisory Mon, 4 Oct 2004 12:52:39 -0700 (PDT) getmail (SSA:2004-278-01)
Source: XF Type: UNKNOWN getmail-mbox-race-condition(17437)
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:getmail:getmail:2.3.7:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:3.x:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.1:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.2:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.3:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.4:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.5:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.6:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.7:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.8:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.9:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.10:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.11:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.12:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.0.13:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1.1:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1.2:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1.3:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1.4:*:*:*:*:*:*:*
OR cpe:/a:getmail:getmail:4.1.5:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
|