61 matches found
Debian Security Advisory DSA 553-1 (getmail)
The remote host is missing an update to getmail announced via advisory DSA 553-1. OpenVAS Vulnerability Test $Id: deb5531.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 553-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-553-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware 10.0 / 9.1 / current : getmail (SSA:2004-278-01)
New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...
CVE-2004-0881
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir...
CVE-2004-0880
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file...
KLA10419 WLF vulnerability in getmail
Unspecified vulnerabilities were found in getmail. By exploiting these vulnerabilities malicious users can overwrite arbitrary files in arbitrary directories. These vulnerabilities can be exploited locally via a symlink attack. Original advisories - Related products getmail CVE list CVE-2004-0881...
[slackware-security] getmail
New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files. More details about this issue may be found in the Common Vulnerabilities and Exposur...
Debian DSA-553-1 : getmail - symlink vulnerability
A security problem has been discovered in getmail, a POP3 and APOP mail gatherer and forwarder. An attacker with a shell account on the victims host could utilise getmail to overwrite arbitrary files when it is running as root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
[SECURITY] [DSA 553-1] New getmail packages fix root compromise
-------------------------------------------------------------------------- Debian Security Advisory DSA 553-1 [email protected] http://www.debian.org/security/ Martin Schulze September 27th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 553-1] New getmail packages fix root compromise
-------------------------------------------------------------------------- Debian Security Advisory DSA 553-1 [email protected] http://www.debian.org/security/ Martin Schulze September 27th, 2004 http://www.debian.org/security/faq -...
Multiple getmail bugs
Problems with file handling if application is executed with superuser privileges...
DSA-553-1 getmail - symlink vulnerability
Bulletin has no description...
Local root compromise possible with getmail
The following vulnerabilities apply to all releases of getmail prior to 3.2.5, and all version 4 releases prior to 4.2.0. They do not apply where getmail is run as an unprivileged user, or where an unprivileged external MDA is used for the final delivery of mail. They are not exploitable remotely...
CVE-2004-0881
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir...
CVE-2004-0880
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file...
CVE-2004-0881
CVE-2004-0881 affects getmail up to 4.2.0 (and other versions before 3.2.5). When run as root, getmail could overwrite arbitrary files via a symlink attack on maildir subdirectories, enabling local, privilege-escalating impact. Public advisories from Debian (DSA-553) and Slackware note a root com...
CVE-2004-0880
Removed by vendor...
CVE-2004-0881
Removed by vendor...
CVE-2004-0880
CVE-2004-0880 affects getmail 4.x up to version before 4.2.0. When run with root privileges, local users can exploit a symlink attack on an mbox file to overwrite arbitrary files. The risk is described as a local, likely low-severity issue with partial integrity impact; exploitation details are n...
getmail: Filesystem overwrite vulnerability
Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...