Vulnerability Details CVE-2004-0881
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://marc.info/?l=bugtraq&m=109571883130372&w=2
- http://security.gentoo.org/glsa/glsa-200409-32.xml
- http://www.debian.org/security/2004/dsa-553
- http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17439
- http://marc.info/?l=bugtraq&m=109571883130372&w=2
- http://security.gentoo.org/glsa/glsa-200409-32.xml
- http://www.debian.org/security/2004/dsa-553
- http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17439
Products affected by CVE-2004-0881
-
cpe:2.3:a:getmail:getmail:2.3.7
-
cpe:2.3:a:getmail:getmail:3.x
-
cpe:2.3:a:getmail:getmail:4.0
-
cpe:2.3:a:getmail:getmail:4.0.0_b10
-
cpe:2.3:a:getmail:getmail:4.0.1
-
cpe:2.3:a:getmail:getmail:4.0.10
-
cpe:2.3:a:getmail:getmail:4.0.11
-
cpe:2.3:a:getmail:getmail:4.0.12
-
cpe:2.3:a:getmail:getmail:4.0.13
-
cpe:2.3:a:getmail:getmail:4.0.2
-
cpe:2.3:a:getmail:getmail:4.0.3
-
cpe:2.3:a:getmail:getmail:4.0.4
-
cpe:2.3:a:getmail:getmail:4.0.5
-
cpe:2.3:a:getmail:getmail:4.0.6
-
cpe:2.3:a:getmail:getmail:4.0.7
-
cpe:2.3:a:getmail:getmail:4.0.8
-
cpe:2.3:a:getmail:getmail:4.0.9
-
cpe:2.3:a:getmail:getmail:4.1
-
cpe:2.3:a:getmail:getmail:4.1.1
-
cpe:2.3:a:getmail:getmail:4.1.2
-
cpe:2.3:a:getmail:getmail:4.1.3
-
cpe:2.3:a:getmail:getmail:4.1.4
-
cpe:2.3:a:getmail:getmail:4.1.5
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:slackware:slackware_linux:10.0
-
cpe:2.3:o:slackware:slackware_linux:9.1
-
cpe:2.3:o:slackware:slackware_linux:current