qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netqmail netqmail 1.06 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
canonical ubuntu linux 20.04 |