CVE-2004-0880

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=109571883130372&w=2
http://security.gentoo.org/glsa/glsa-200409-32.xml
http://www.debian.org/security/2004/dsa-553
http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
https://exchange.xforce.ibmcloud.com/vulnerabilities/17437

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:getmail:getmail:2.3.7:::::::*
	cpe:2.3:a:getmail:getmail:3.x:::::::*
	cpe:2.3:a:getmail:getmail:4.0:::::::*
	cpe:2.3:a:getmail:getmail:4.0.0_b10:::::::*
	cpe:2.3:a:getmail:getmail:4.0.1:::::::*
	cpe:2.3:a:getmail:getmail:4.0.2:::::::*
	cpe:2.3:a:getmail:getmail:4.0.3:::::::*
	cpe:2.3:a:getmail:getmail:4.0.4:::::::*
	cpe:2.3:a:getmail:getmail:4.0.5:::::::*
	cpe:2.3:a:getmail:getmail:4.0.6:::::::*
	cpe:2.3:a:getmail:getmail:4.0.7:::::::*
	cpe:2.3:a:getmail:getmail:4.0.8:::::::*
	cpe:2.3:a:getmail:getmail:4.0.9:::::::*
	cpe:2.3:a:getmail:getmail:4.0.10:::::::*
	cpe:2.3:a:getmail:getmail:4.0.11:::::::*
	cpe:2.3:a:getmail:getmail:4.0.12:::::::*
	cpe:2.3:a:getmail:getmail:4.0.13:::::::*
	cpe:2.3:a:getmail:getmail:4.1:::::::*
	cpe:2.3:a:getmail:getmail:4.1.1:::::::*
	cpe:2.3:a:getmail:getmail:4.1.2:::::::*
	cpe:2.3:a:getmail:getmail:4.1.3:::::::*
	cpe:2.3:a:getmail:getmail:4.1.4:::::::*
	cpe:2.3:a:getmail:getmail:4.1.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:10.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:current:::::::*

History

No history.

Information

Published : 2005-01-27 05:00

Updated : 2017-07-11 01:30

NVD link : CVE-2004-0880

Mitre link : CVE-2004-0880

CVE.ORG link : CVE-2004-0880

JSON object : View

Products Affected

slackware

slackware_linux

getmail

getmail

gentoo

linux

CWE

NVD-CWE-Other

{"id": "CVE-2004-0880", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-01-27T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109571883130372&w=2", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-553", "source": "cve@mitre.org"}, {"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17437", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file."}], "lastModified": "2017-07-11T01:30:32.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getmail:getmail:2.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B9739F-FCF9-4E5F-A9D1-49CB39BBF6C6"}, {"criteria": "cpe:2.3:a:getmail:getmail:3.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A22B3445-87A8-471F-8D02-5C7D4659F915"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC9A2BA9-D5DD-44D9-9BB9-0EC4726B8575"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.0_b10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D22BC05-E2FC-4839-A68C-9B36487F9025"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F"}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

1.2 /10