CVE-2010-3292

EUVD-2010-3291
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
mailscannermailscanner
4.79.11-2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mailscanner
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2010-3292
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596396
https://security-tracker.debian.org/tracker/CVE-2010-3292
https://www.openwall.com/lists/oss-security/2010/09/13/9
https://access.redhat.com/security/cve/cve-2010-3292
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596396
https://security-tracker.debian.org/tracker/CVE-2010-3292
https://www.openwall.com/lists/oss-security/2010/09/13/9