Search criteria
15 vulnerabilities found for getmail by getmail
FKIE_CVE-2014-7275
Vulnerability from fkie_nvd - Published: 2014-10-08 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353ED688-0E51-481B-AB2C-B221789BFA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6826172E-6B0A-4AD4-B208-D76A3EFA0ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE58943D-E5D9-4B49-B1E0-4968B4C31EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42EF705A-6177-4892-B422-4279FFDA44FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E626006-6738-47D3-9B68-5E46BE707ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97417756-5B97-482E-98EF-4C830B8CA5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F78B178-34E9-43C0-B6AC-4721AAAE88E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E25C2948-FBA2-4DBC-B159-4E534582F7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "598527D1-1C01-40E8-9136-24BF0C84CBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C978EC76-C765-4013-B6EE-86C8253D61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B6F58-69C6-4E7A-82EC-FD2C35E09476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7EED28-BAD6-4EF6-8EA6-298078F1532B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C30D6AF-8065-4704-BD48-02906BE5AD17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5107BC4B-3FD2-4566-8529-BE214421A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "458AA23D-33BF-412C-99B8-A76E042F9F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4074E219-D5D1-4CB3-BF6F-DD26C68F46AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85B6FA09-D731-4621-8526-5BC0C52FC5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "768F553E-BC99-407E-BD9A-5D0162102DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9665553-24BF-4B89-8336-22C5627B5BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B57A507-A3E2-421B-9092-910A4A4168C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79370501-0E08-40D7-BC2F-9D88C9FFEA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B46A68-C096-4B96-A9BF-7DB01743A199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "440165D6-6AA6-48AE-B52C-F871568AEA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C932E13-E281-4D2C-AC11-873F83A8DE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9415F3-ACDF-4C3B-91C2-02D589312137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33867423-85F6-4948-BD5A-4964E447C4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19547C8A-252A-4CEE-89CF-BCB4D5683A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E393D9EF-2A64-4D60-B554-E8F6535D9CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C84D3012-9F73-47BE-BC9D-54F644D5EA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D00742C-1E33-4E55-8AD6-9E7D66C375EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43618CED-404D-4D38-941B-3A40494FF239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A031B91A-CF73-4800-B1E2-48B7F7EDE6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4270FB-39BD-4708-B580-10B12B8B1553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98A0FFDC-EC5C-41D2-A3B2-FA333A35E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE7E687-45FC-4A0C-BC48-18C4B1535CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76602CEC-3131-4C45-B967-BB5CA7B9CD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A45D818B-271A-4963-9DC1-BF4561A80D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C4CFEF-D15D-4D74-B903-81763D484C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.43.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D3BA00-76EE-4F6F-AB93-84E56A745884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*",
"matchCriteriaId": "565C1A4F-D171-40CA-8F5A-E616DCD7DF79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "La implementaci\u00f3n POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2014-7275",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-08T01:55:05.830",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "cve@mitre.org",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7273
Vulnerability from fkie_nvd - Published: 2014-10-08 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353ED688-0E51-481B-AB2C-B221789BFA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6826172E-6B0A-4AD4-B208-D76A3EFA0ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE58943D-E5D9-4B49-B1E0-4968B4C31EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42EF705A-6177-4892-B422-4279FFDA44FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E626006-6738-47D3-9B68-5E46BE707ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97417756-5B97-482E-98EF-4C830B8CA5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F78B178-34E9-43C0-B6AC-4721AAAE88E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E25C2948-FBA2-4DBC-B159-4E534582F7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "598527D1-1C01-40E8-9136-24BF0C84CBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C978EC76-C765-4013-B6EE-86C8253D61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B6F58-69C6-4E7A-82EC-FD2C35E09476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7EED28-BAD6-4EF6-8EA6-298078F1532B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C30D6AF-8065-4704-BD48-02906BE5AD17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5107BC4B-3FD2-4566-8529-BE214421A2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "458AA23D-33BF-412C-99B8-A76E042F9F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4074E219-D5D1-4CB3-BF6F-DD26C68F46AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85B6FA09-D731-4621-8526-5BC0C52FC5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "768F553E-BC99-407E-BD9A-5D0162102DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9665553-24BF-4B89-8336-22C5627B5BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B57A507-A3E2-421B-9092-910A4A4168C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79370501-0E08-40D7-BC2F-9D88C9FFEA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B46A68-C096-4B96-A9BF-7DB01743A199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "440165D6-6AA6-48AE-B52C-F871568AEA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C932E13-E281-4D2C-AC11-873F83A8DE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9415F3-ACDF-4C3B-91C2-02D589312137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33867423-85F6-4948-BD5A-4964E447C4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19547C8A-252A-4CEE-89CF-BCB4D5683A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E393D9EF-2A64-4D60-B554-E8F6535D9CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C84D3012-9F73-47BE-BC9D-54F644D5EA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D00742C-1E33-4E55-8AD6-9E7D66C375EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43618CED-404D-4D38-941B-3A40494FF239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A031B91A-CF73-4800-B1E2-48B7F7EDE6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4270FB-39BD-4708-B580-10B12B8B1553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98A0FFDC-EC5C-41D2-A3B2-FA333A35E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE7E687-45FC-4A0C-BC48-18C4B1535CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76602CEC-3131-4C45-B967-BB5CA7B9CD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A45D818B-271A-4963-9DC1-BF4561A80D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C4CFEF-D15D-4D74-B903-81763D484C4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "La implementaci\u00f3n IMAP-over-SSL en getmail 4.0.0 hasta 4.43.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2014-7273",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-08T01:55:05.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "cve@mitre.org",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7274
Vulnerability from fkie_nvd - Published: 2014-10-08 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*",
"matchCriteriaId": "565C1A4F-D171-40CA-8F5A-E616DCD7DF79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
},
{
"lang": "es",
"value": "La implementaci\u00f3n IMAP-over-SSL en getmail 4.44.0 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado de una autoridad de certificaci\u00f3n reconocido."
}
],
"id": "CVE-2014-7274",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-08T01:55:05.753",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "cve@mitre.org",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0881
Vulnerability from fkie_nvd - Published: 2005-01-27 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getmail | getmail | 2.3.7 | |
| getmail | getmail | 3.x | |
| getmail | getmail | 4.0 | |
| getmail | getmail | 4.0.0_b10 | |
| getmail | getmail | 4.0.1 | |
| getmail | getmail | 4.0.2 | |
| getmail | getmail | 4.0.3 | |
| getmail | getmail | 4.0.4 | |
| getmail | getmail | 4.0.5 | |
| getmail | getmail | 4.0.6 | |
| getmail | getmail | 4.0.7 | |
| getmail | getmail | 4.0.8 | |
| getmail | getmail | 4.0.9 | |
| getmail | getmail | 4.0.10 | |
| getmail | getmail | 4.0.11 | |
| getmail | getmail | 4.0.12 | |
| getmail | getmail | 4.0.13 | |
| getmail | getmail | 4.1 | |
| getmail | getmail | 4.1.1 | |
| getmail | getmail | 4.1.2 | |
| getmail | getmail | 4.1.3 | |
| getmail | getmail | 4.1.4 | |
| getmail | getmail | 4.1.5 | |
| gentoo | linux | 1.4 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | current |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
],
"id": "CVE-2004-0881",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"source": "cve@mitre.org",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0880
Vulnerability from fkie_nvd - Published: 2005-01-27 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getmail | getmail | 2.3.7 | |
| getmail | getmail | 3.x | |
| getmail | getmail | 4.0 | |
| getmail | getmail | 4.0.0_b10 | |
| getmail | getmail | 4.0.1 | |
| getmail | getmail | 4.0.2 | |
| getmail | getmail | 4.0.3 | |
| getmail | getmail | 4.0.4 | |
| getmail | getmail | 4.0.5 | |
| getmail | getmail | 4.0.6 | |
| getmail | getmail | 4.0.7 | |
| getmail | getmail | 4.0.8 | |
| getmail | getmail | 4.0.9 | |
| getmail | getmail | 4.0.10 | |
| getmail | getmail | 4.0.11 | |
| getmail | getmail | 4.0.12 | |
| getmail | getmail | 4.0.13 | |
| getmail | getmail | 4.1 | |
| getmail | getmail | 4.1.1 | |
| getmail | getmail | 4.1.2 | |
| getmail | getmail | 4.1.3 | |
| getmail | getmail | 4.1.4 | |
| getmail | getmail | 4.1.5 | |
| gentoo | linux | 1.4 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | current |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."
}
],
"id": "CVE-2004-0880",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"source": "cve@mitre.org",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-7273 (GCVE-0-2014-7273)
Vulnerability from cvelistv5 – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7273",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:31.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7275 (GCVE-0-2014-7275)
Vulnerability from cvelistv5 – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7275",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7274 (GCVE-0-2014-7274)
Vulnerability from cvelistv5 – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7274",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:31.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0880 (GCVE-0-2004-0880)
Vulnerability from cvelistv5 – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040919 Local root compromise possible with getmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0880",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-21T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0881 (GCVE-0-2004-0881)
Vulnerability from cvelistv5 – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040919 Local root compromise possible with getmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0881",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-21T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7273 (GCVE-0-2014-7273)
Vulnerability from nvd – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7273",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:31.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7275 (GCVE-0-2014-7275)
Vulnerability from nvd – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7275",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7274 (GCVE-0-2014-7274)
Vulnerability from nvd – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7274",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-01T00:00:00",
"dateUpdated": "2024-08-06T12:47:31.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0880 (GCVE-0-2004-0880)
Vulnerability from nvd – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040919 Local root compromise possible with getmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-mbox-race-condition(17437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0880",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-21T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0881 (GCVE-0-2004-0881)
Vulnerability from nvd – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040919 Local root compromise possible with getmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040919 Local root compromise possible with getmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2"
},
{
"name": "DSA-553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name": "GLSA-200409-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name": "getmail-maildir-race-condition(17439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0881",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-21T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}