Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0880

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2004-0880
Last Modified 10 Sep 2008 03:28:08
Published 27 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2004-0880

Summary

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

  • Slackware Linux 10.0

  • Slackware Linux 9.1

  • Slackware Linux Current

Application

  • Getmail 2.3.7

  • Getmail 3.x

  • Getmail 4.0

  • Getmail 4.0.0 B10

  • Getmail 4.0.1

  • Getmail 4.0.10

  • Getmail 4.0.11

  • Getmail 4.0.12

  • Getmail 4.0.13

  • Getmail 4.0.2

  • Getmail 4.0.3

  • Getmail 4.0.4

  • Getmail 4.0.5

  • Getmail 4.0.6

  • Getmail 4.0.7

  • Getmail 4.0.8

  • Getmail 4.0.9

  • Getmail 4.1

  • Getmail 4.1.1

  • Getmail 4.1.2

  • Getmail 4.1.3

  • Getmail 4.1.4

  • Getmail 4.1.5


References

BUGTRAQ - 20040919 Local root compromise possible with getmail

XF - getmail-mbox-race-condition(17437)

CONFIRM - http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG

DEBIAN - DSA-553

GENTOO - GLSA-200409-32


Last Updated: 27 May 2016 10:38:47