Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0990

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-0990
Last Modified 05 Sep 2008 04:25:24
Published 04 Sep 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0990

Summary

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Vulnerable Systems

Application

  • Inter7 Vpopmail 3.4.1

  • Inter7 Vpopmail 3.4.10

  • Inter7 Vpopmail 3.4.11

  • Inter7 Vpopmail 3.4.11e

  • Inter7 Vpopmail 3.4.2

  • Inter7 Vpopmail 3.4.3

  • Inter7 Vpopmail 3.4.4

  • Inter7 Vpopmail 3.4.5

  • Inter7 Vpopmail 3.4.6

  • Inter7 Vpopmail 3.4.7

  • Inter7 Vpopmail 3.4.8

  • Inter7 Vpopmail 3.4.9

  • Inter7 Vpopmail 4.5

  • Inter7 Vpopmail 4.6

  • Inter7 Vpopmail 4.7

  • Inter7 Vpopmail 4.8

  • Inter7 Vpopmail 4.9

  • Inter7 Vpopmail 4.9.10


References

BUGTRAQ - 20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem

XF - vpopmail-insecure-auth-data(7076)

BID - 3284

MISC - http://www.inter7.com/vpopmail/ChangeLog


Last Updated: 27 May 2016 10:36:28