CVE-2020-3812

EUVD-2020-25077
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  5.5 MEDIUM  LOCAL        LOW              LOW             CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Percentile: 13%
Affected Products (NVD)
Vendor     Product       Version
netqmail   netqmail      1.06
debian     debian_linux  8.0
debian     debian_linux  9.0
debian     debian_linux  10.0
canonical  ubuntu_linux  20.04
Ubuntu Releases
Ubuntu Product  Codename  Fixed Version                          Status
netqmail        bionic    1.06-6.2~deb10u1build0.18.04.1         released
netqmail        eoan                                             ignored
netqmail        focal     1.06-6.2~deb10u1build0.20.04.1         released
netqmail        groovy                                           dne
netqmail        trusty    1.06-6.2~deb10u1build0.14.04.1+esm1    released
netqmail        xenial    1.06-6.2~deb10u1build0.16.04.1         released