CVE-2020-3812

Published: 26/05/2020 Updated: 28/04/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.

Vulnerable Product

netqmail netqmail 1.06

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 20.04

Vendor Advisories

Debian Bug report logs - #961060 qmail-verify: CVE-2020-3811 CVE-2020-3812 Package: src:netqmail; Maintainer for src:netqmail is Gerrit Pape <pape@smarden.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 19 May 2020 17:33:01 UTC Severity: grave Tags: security, upstream Found in versions netqmai ...
Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not. For the oldstable distribution (stretch), these proble ...

Exploits

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation ...

Mailing Lists

Full Disclosure mailing list archives: Remote Code Execution in qmail (CVE-2005-1513) From: Qualys Sec ...
oss-sec mailing list archives: Remote Code Execution in qmail (CVE-2005-1513) From: Qualys Security Ad ...