6 matches found
CVE-2020-3812
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, witho...
CVE-2020-3811
CVE-2020-3811 affects netqmail 1.06 (qmail-verify), where improper input handling allows a mail-address verification bypass. Related Debian/Ubuntu advisories (DLA-2234, USN-4621-1, USN-4556-1) list this vulnerability alongside CVE-2020-3812 and older CVEs; mitigation in Debian for Jessie is ...
CVE-2020-3811
Removed by vendor...
Qmail SMTP - Bash Environment Variable Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...
Command injection
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
CVE-2011-1431
Removed by vendor...