Back to search
CVE-2020-3812
Published: May 26, 2020
Modified: Sep 16, 2024
PUBLISHED
Description
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
| Vendor | Product | Versions |
|---|---|---|
Debian | netqmail | affected 1.06 |
References
https://www.openwall.com/lists/oss-security/2020/05/19/8
x_refsource_MISC
https://bugs.debian.org/961060
x_refsource_MISC
https://www.debian.org/security/2020/dsa-4692
x_refsource_MISC
[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update
mailing-list
x_refsource_MLIST
USN-4556-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now