CVE-2008-2667 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Vendor	Product	Version
courier-mta	courtier-authlib	0.52
courier-mta	courtier-authlib	0.53
courier-mta	courtier-authlib	0.54
courier-mta	courtier-authlib	0.55
courier-mta	courtier-authlib	0.56
courier-mta	courtier-authlib	0.57
courier-mta	courtier-authlib	0.58
courier-mta	courtier-authlib	0.59
courier-mta	courtier-authlib	0.59.1
courier-mta	courtier-authlib	0.59.2
courier-mta	courtier-authlib	0.59.3
courier-mta	courtier-authlib	0.60
courier-mta	courtier-authlib	0.60.1
courier-mta	courtier-authlib	0.60.2
courier-mta	courtier-authlib	0.60.3
courier-mta	courtier-authlib	0.60.4
courier-mta	courtier-authlib	0.60.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

courier-authlib

bullseye	0.71.1-2 fixed
sid	0.71.4-1 fixed
bookworm	0.71.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

courier-authlib

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	dne

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://bugs.gentoo.org/show_bug.cgi?id=225407

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://secunia.com/advisories/30591

http://secunia.com/advisories/30967

http://security.gentoo.org/glsa/glsa-200809-05.xml

http://www.courier-mta.org/authlib/changelog.html

http://www.mail-archive.com/courier-users%40lists.sourceforge.net/msg31362.html

http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43628

http://bugs.gentoo.org/show_bug.cgi?id=225407

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://secunia.com/advisories/30591

http://secunia.com/advisories/30967

http://security.gentoo.org/glsa/glsa-200809-05.xml

http://www.courier-mta.org/authlib/changelog.html

http://www.mail-archive.com/courier-users%40lists.sourceforge.net/msg31362.html

http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43628