CVE-2020-3812

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
debian | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 13%
Vendor | Product | Version
netqmail | netqmail | 1.06
debian | debian_linux | 8.0
debian | debian_linux | 9.0
debian | debian_linux | 10.0
canonical | ubuntu_linux | 20.04
𝑥 = Vulnerable software versions
Ubuntu Releases
Ubuntu Product | Codename | Status
netqmail | groovy | dne
netqmail | focal | Fixed 1.06-6.2~deb10u1build0.20.04.1 (released)
netqmail | eoan | ignored
netqmail | bionic | Fixed 1.06-6.2~deb10u1build0.18.04.1 (released)
netqmail | xenial | Fixed 1.06-6.2~deb10u1build0.16.04.1 (released)
netqmail | trusty | Fixed 1.06-6.2~deb10u1build0.14.04.1+esm1 (released)