Vulnerabilities related to getmail - getmail
cve-2004-0881
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=109571883130372&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2004/dsa-553 | vendor-advisory, x_refsource_DEBIAN | |
http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-32.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17439 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040919 Local root compromise possible with getmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-maildir-race-condition(17439)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040919 Local root compromise possible with getmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-maildir-race-condition(17439)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0881", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040919 Local root compromise possible with getmail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-553" }, { "name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG", "refsource": "CONFIRM", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-maildir-race-condition(17439)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0881", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-09-21T00:00:00", "dateUpdated": "2024-08-08T00:31:47.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7274
Vulnerability from cvelistv5
Published
2014-10-08 01:00
Modified
2024-08-06 12:47
Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html | vendor-advisory, x_refsource_SUSE | |
http://openwall.com/lists/oss-security/2014/10/07/33 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3091 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/61229 | third-party-advisory, x_refsource_SECUNIA | |
http://pyropus.ca/software/getmail/CHANGELOG | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:47:31.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:1315", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61229" }, { "name": "http://pyropus.ca/software/getmail/CHANGELOG", "refsource": "CONFIRM", "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7274", "datePublished": "2014-10-08T01:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2024-08-06T12:47:31.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0880
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Summary
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=109571883130372&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2004/dsa-553 | vendor-advisory, x_refsource_DEBIAN | |
http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-32.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17437 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040919 Local root compromise possible with getmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-mbox-race-condition(17437)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040919 Local root compromise possible with getmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-mbox-race-condition(17437)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040919 Local root compromise possible with getmail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "name": "DSA-553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-553" }, { "name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG", "refsource": "CONFIRM", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "name": "GLSA-200409-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "name": "getmail-mbox-race-condition(17437)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0880", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-09-21T00:00:00", "dateUpdated": "2024-08-08T00:31:47.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7273
Vulnerability from cvelistv5
Published
2014-10-08 01:00
Modified
2024-08-06 12:47
Summary
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html | vendor-advisory, x_refsource_SUSE | |
http://openwall.com/lists/oss-security/2014/10/07/33 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3091 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/61229 | third-party-advisory, x_refsource_SECUNIA | |
http://pyropus.ca/software/getmail/CHANGELOG | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:47:31.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:1315", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61229" }, { "name": "http://pyropus.ca/software/getmail/CHANGELOG", "refsource": "CONFIRM", "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7273", "datePublished": "2014-10-08T01:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2024-08-06T12:47:31.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7275
Vulnerability from cvelistv5
Published
2014-10-08 01:00
Modified
2024-08-06 12:47
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html | vendor-advisory, x_refsource_SUSE | |
http://openwall.com/lists/oss-security/2014/10/07/33 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3091 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/61229 | third-party-advisory, x_refsource_SECUNIA | |
http://pyropus.ca/software/getmail/CHANGELOG | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:47:32.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2014:1315", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61229" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7275", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:1315", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "name": "DSA-3091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "name": "61229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61229" }, { "name": "http://pyropus.ca/software/getmail/CHANGELOG", "refsource": "CONFIRM", "url": "http://pyropus.ca/software/getmail/CHANGELOG" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7275", "datePublished": "2014-10-08T01:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2024-08-06T12:47:32.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2004-0881)
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
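Severity: LOW — CVSS v2.0 base score 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N), as scored by nvd@nist.gov in the record below. The Bugtraq reference for this CVE is titled "Local root compromise possible with getmail", so this score may understate the impact on hosts where getmail runs as root.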
Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
getmail | getmail | 2.3.7 | |
getmail | getmail | 3.x | |
getmail | getmail | 4.0 | |
getmail | getmail | 4.0.0_b10 | |
getmail | getmail | 4.0.1 | |
getmail | getmail | 4.0.2 | |
getmail | getmail | 4.0.3 | |
getmail | getmail | 4.0.4 | |
getmail | getmail | 4.0.5 | |
getmail | getmail | 4.0.6 | |
getmail | getmail | 4.0.7 | |
getmail | getmail | 4.0.8 | |
getmail | getmail | 4.0.9 | |
getmail | getmail | 4.0.10 | |
getmail | getmail | 4.0.11 | |
getmail | getmail | 4.0.12 | |
getmail | getmail | 4.0.13 | |
getmail | getmail | 4.1 | |
getmail | getmail | 4.1.1 | |
getmail | getmail | 4.1.2 | |
getmail | getmail | 4.1.3 | |
getmail | getmail | 4.1.4 | |
getmail | getmail | 4.1.5 | |
gentoo | linux | 1.4 | |
slackware | slackware_linux | 9.1 | |
slackware | slackware_linux | 10.0 | |
slackware | slackware_linux | current |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*", "matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*", "matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir." } ], "id": "CVE-2004-0881", "lastModified": "2024-11-20T23:49:35.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-27T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-553" }, { "source": "cve@mitre.org", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-7273
Vulnerability from fkie_nvd
Published
2014-10-08 01:55
Modified
2024-11-21 02:16
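Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, as given in the NVD record below)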
Summary
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
References
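Impacted products (note: the CPE match list in the record below ends at 4.42.0; 4.43.0, which the summary includes in the affected range, has no CPE entry, so CPE-based matching alone will not flag it)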
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*", "matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "353ED688-0E51-481B-AB2C-B221789BFA0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6826172E-6B0A-4AD4-B208-D76A3EFA0ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE58943D-E5D9-4B49-B1E0-4968B4C31EF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "42EF705A-6177-4892-B422-4279FFDA44FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E626006-6738-47D3-9B68-5E46BE707ABC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "97417756-5B97-482E-98EF-4C830B8CA5C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F78B178-34E9-43C0-B6AC-4721AAAE88E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "E25C2948-FBA2-4DBC-B159-4E534582F7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "598527D1-1C01-40E8-9136-24BF0C84CBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C978EC76-C765-4013-B6EE-86C8253D61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "E59B6F58-69C6-4E7A-82EC-FD2C35E09476", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A7EED28-BAD6-4EF6-8EA6-298078F1532B", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C30D6AF-8065-4704-BD48-02906BE5AD17", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "5107BC4B-3FD2-4566-8529-BE214421A2F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "458AA23D-33BF-412C-99B8-A76E042F9F48", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "4074E219-D5D1-4CB3-BF6F-DD26C68F46AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "85B6FA09-D731-4621-8526-5BC0C52FC5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "768F553E-BC99-407E-BD9A-5D0162102DE0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9665553-24BF-4B89-8336-22C5627B5BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B57A507-A3E2-421B-9092-910A4A4168C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "79370501-0E08-40D7-BC2F-9D88C9FFEA4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B46A68-C096-4B96-A9BF-7DB01743A199", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "440165D6-6AA6-48AE-B52C-F871568AEA12", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C932E13-E281-4D2C-AC11-873F83A8DE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B9415F3-ACDF-4C3B-91C2-02D589312137", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "33867423-85F6-4948-BD5A-4964E447C4FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "19547C8A-252A-4CEE-89CF-BCB4D5683A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "E393D9EF-2A64-4D60-B554-E8F6535D9CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "C84D3012-9F73-47BE-BC9D-54F644D5EA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D00742C-1E33-4E55-8AD6-9E7D66C375EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "43618CED-404D-4D38-941B-3A40494FF239", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"A031B91A-CF73-4800-B1E2-48B7F7EDE6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E4270FB-39BD-4708-B580-10B12B8B1553", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "98A0FFDC-EC5C-41D2-A3B2-FA333A35E766", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DE7E687-45FC-4A0C-BC48-18C4B1535CE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "76602CEC-3131-4C45-B967-BB5CA7B9CD20", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "A45D818B-271A-4963-9DC1-BF4561A80D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C4CFEF-D15D-4D74-B903-81763D484C4C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate." }, { "lang": "es", "value": "La implementaci\u00f3n IMAP-over-SSL en getmail 4.0.0 hasta 4.43.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado." 
} ], "id": "CVE-2014-7273", "lastModified": "2024-11-21T02:16:39.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-08T01:55:05.517", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "cve@mitre.org", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61229" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3091" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2004-0880
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity: LOW (CVSS v2 base score 1.2, vector AV:L/AC:H/Au:N/C:N/I:P/A:N, as given in the NVD record below)
Summary
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
References
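Impacted products (note: this list is broader than the summary, which names only getmail 4.x before 4.2.0; it also carries getmail 2.3.7 and 3.x and three distribution entries, so check the installed getmail version against the summary rather than relying on the list alone)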
Vendor | Product | Version | |
---|---|---|---|
getmail | getmail | 2.3.7 | |
getmail | getmail | 3.x | |
getmail | getmail | 4.0 | |
getmail | getmail | 4.0.0_b10 | |
getmail | getmail | 4.0.1 | |
getmail | getmail | 4.0.2 | |
getmail | getmail | 4.0.3 | |
getmail | getmail | 4.0.4 | |
getmail | getmail | 4.0.5 | |
getmail | getmail | 4.0.6 | |
getmail | getmail | 4.0.7 | |
getmail | getmail | 4.0.8 | |
getmail | getmail | 4.0.9 | |
getmail | getmail | 4.0.10 | |
getmail | getmail | 4.0.11 | |
getmail | getmail | 4.0.12 | |
getmail | getmail | 4.0.13 | |
getmail | getmail | 4.1 | |
getmail | getmail | 4.1.1 | |
getmail | getmail | 4.1.2 | |
getmail | getmail | 4.1.3 | |
getmail | getmail | 4.1.4 | |
getmail | getmail | 4.1.5 | |
gentoo | linux | 1.4 | |
slackware | slackware_linux | 9.1 | |
slackware | slackware_linux | 10.0 | |
slackware | slackware_linux | current |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*", "matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*", "matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file." } ], "id": "CVE-2004-0880", "lastModified": "2024-11-20T23:49:35.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-27T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-553" }, { "source": "cve@mitre.org", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109571883130372\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17437" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-7274
Vulnerability from fkie_nvd
Published
2014-10-08 01:55
Modified
2024-11-21 02:16
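Severity: MEDIUM (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N, as given in the NVD record below)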
Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*", "matchCriteriaId": "565C1A4F-D171-40CA-8F5A-E616DCD7DF79", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority." }, { "lang": "es", "value": "La implementaci\u00f3n IMAP-over-SSL en getmail 4.44.0 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado de una autoridad de certificaci\u00f3n reconocido." 
} ], "id": "CVE-2014-7274", "lastModified": "2024-11-21T02:16:39.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-08T01:55:05.753", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "cve@mitre.org", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61229" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3091" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-7275
Vulnerability from fkie_nvd
Published
2014-10-08 01:55
Modified
2024-11-21 02:16
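Severity: MEDIUM (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N, as given in the NVD record below)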
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
References
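Impacted products (note: the CPE match list in the record below starts at 4.0.1 and has no entry for 4.0 or 4.0.0_b10, although the summary gives the affected range as 4.0.0 through 4.44.0)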
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "353ED688-0E51-481B-AB2C-B221789BFA0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6826172E-6B0A-4AD4-B208-D76A3EFA0ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE58943D-E5D9-4B49-B1E0-4968B4C31EF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "42EF705A-6177-4892-B422-4279FFDA44FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E626006-6738-47D3-9B68-5E46BE707ABC", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "97417756-5B97-482E-98EF-4C830B8CA5C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F78B178-34E9-43C0-B6AC-4721AAAE88E8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "E25C2948-FBA2-4DBC-B159-4E534582F7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "598527D1-1C01-40E8-9136-24BF0C84CBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C978EC76-C765-4013-B6EE-86C8253D61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "E59B6F58-69C6-4E7A-82EC-FD2C35E09476", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A7EED28-BAD6-4EF6-8EA6-298078F1532B", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C30D6AF-8065-4704-BD48-02906BE5AD17", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "5107BC4B-3FD2-4566-8529-BE214421A2F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "458AA23D-33BF-412C-99B8-A76E042F9F48", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "4074E219-D5D1-4CB3-BF6F-DD26C68F46AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "85B6FA09-D731-4621-8526-5BC0C52FC5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "768F553E-BC99-407E-BD9A-5D0162102DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9665553-24BF-4B89-8336-22C5627B5BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B57A507-A3E2-421B-9092-910A4A4168C0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "79370501-0E08-40D7-BC2F-9D88C9FFEA4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B46A68-C096-4B96-A9BF-7DB01743A199", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "440165D6-6AA6-48AE-B52C-F871568AEA12", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C932E13-E281-4D2C-AC11-873F83A8DE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B9415F3-ACDF-4C3B-91C2-02D589312137", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "33867423-85F6-4948-BD5A-4964E447C4FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "19547C8A-252A-4CEE-89CF-BCB4D5683A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "E393D9EF-2A64-4D60-B554-E8F6535D9CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "C84D3012-9F73-47BE-BC9D-54F644D5EA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D00742C-1E33-4E55-8AD6-9E7D66C375EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "43618CED-404D-4D38-941B-3A40494FF239", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "A031B91A-CF73-4800-B1E2-48B7F7EDE6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E4270FB-39BD-4708-B580-10B12B8B1553", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"98A0FFDC-EC5C-41D2-A3B2-FA333A35E766", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DE7E687-45FC-4A0C-BC48-18C4B1535CE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "76602CEC-3131-4C45-B967-BB5CA7B9CD20", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "A45D818B-271A-4963-9DC1-BF4561A80D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C4CFEF-D15D-4D74-B903-81763D484C4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.43.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D3BA00-76EE-4F6F-AB93-84E56A745884", "vulnerable": true }, { "criteria": "cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*", "matchCriteriaId": "565C1A4F-D171-40CA-8F5A-E616DCD7DF79", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate." }, { "lang": "es", "value": "La implementaci\u00f3n POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado." 
} ], "id": "CVE-2014-7275", "lastModified": "2024-11-21T02:16:39.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-08T01:55:05.830", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "cve@mitre.org", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61229" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/10/07/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pyropus.ca/software/getmail/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3091" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }