CVE-2008-5312 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
mailscanner	mailscanner	4.55.10
mailscanner	mailscanner	4.56.8-1
mailscanner	mailscanner	4.57.7-1
mailscanner	mailscanner	4.58.9-1
mailscanner	mailscanner	4.59.4-2
mailscanner	mailscanner	4.60.8-1
mailscanner	mailscanner	4.61.7-2
mailscanner	mailscanner	4.62.9-3
mailscanner	mailscanner	4.63.8-1
mailscanner	mailscanner	4.64.3-2
mailscanner	mailscanner	4.65.3-1
mailscanner	mailscanner	4.66.5-3
mailscanner	mailscanner	4.67.6-1
mailscanner	mailscanner	4.68.8
mailscanner	mailscanner	4.68.8-1
mailscanner	mailscanner	4.69.9-3
mailscanner	mailscanner	4.70.7-1
mailscanner	mailscanner	4.71.10-1
mailscanner	mailscanner	4.72.5-1
mailscanner	mailscanner	4.73.4-2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mailscanner

oneiric	dne
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	ignored
hardy	ignored
gutsy	ignored
dapper	ignored

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44

http://secunia.com/advisories/33117

http://www.mailscanner.info/ChangeLog

http://www.openwall.com/lists/oss-security/2008/11/29/1

http://www.securityfocus.com/bid/32557

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44

http://secunia.com/advisories/33117

http://www.mailscanner.info/ChangeLog

http://www.openwall.com/lists/oss-security/2008/11/29/1

http://www.securityfocus.com/bid/32557