CVE-2001-0990

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.inter7.com/vpopmail/ChangeLog
http://www.securityfocus.com/archive/1/212036	Patch Vendor Advisory
http://www.securityfocus.com/bid/3284	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7076

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:inter7:vpopmail:3.4.1:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.2:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.3:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.4:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.5:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.6:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.7:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.8:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.9:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.10:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.11:::::::*
	cpe:2.3:a:inter7:vpopmail:3.4.11e:::::::*
	cpe:2.3:a:inter7:vpopmail:4.5:::::::*
	cpe:2.3:a:inter7:vpopmail:4.6:::::::*
	cpe:2.3:a:inter7:vpopmail:4.7:::::::*
	cpe:2.3:a:inter7:vpopmail:4.8:::::::*
	cpe:2.3:a:inter7:vpopmail:4.9:::::::*
	cpe:2.3:a:inter7:vpopmail:4.9.10:::::::*

History

No history.

Information

Published : 2001-09-04 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2001-0990

Mitre link : CVE-2001-0990

CVE.ORG link : CVE-2001-0990

JSON object : View

Products Affected

inter7

vpopmail

CWE

NVD-CWE-Other

{"id": "CVE-2001-0990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2001-09-04T04:00:00.000", "references": [{"url": "http://www.inter7.com/vpopmail/ChangeLog", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/212036", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3284", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."}], "lastModified": "2017-12-19T02:29:30.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85F4E493-79E9-49EF-9C8B-237F2FC771D9"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8F2818-965F-45CB-842E-0BE3A9DC3606"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACEBAD4-B602-401B-A798-8BD440D62368"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D27D37-97E4-413F-A3B5-33E5CC7DD811"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9D8F71-E669-41B9-9686-3C348669710B"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F07EA2-D0D6-4CF2-A1E5-87C7FBE77E3B"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48D21401-54EB-49FE-ACA6-CED2E7300D52"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F2078CF-E0F3-4CF2-AC4B-8F1B66C5D36B"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8ABFEF3-019C-46E7-841E-87EF8C6C9DFD"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55281945-8C12-49C5-8B3A-C1247A2F2955"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "242098D4-C84A-4741-B651-2C8ABCF631DC"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.11e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D907D537-B206-40B4-A27B-DEC45CEF0DF3"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4FCDD9-2491-4B90-B70D-2BADFC2CE4F8"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FD37D2A-AA5C-4FA7-AB3E-27CA5FC2BB77"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D547D97-E996-4EE4-872F-1A3A0B28B2FB"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B56A0D4-31E8-4C3B-97CC-EDFA2EE0A271"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9BDA23C-8B7F-4BFF-AA66-5072AA79CF4B"}, {"criteria": "cpe:2.3:a:inter7:vpopmail:4.9.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7F96550-7AFB-4978-84A2-FE903FB7A922"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}