CVE-2004-2642

Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://deekoo.net/technocracy/yeemp/#advisory	Patch
http://deekoo.net/technocracy/yeemp/changes.html
http://secunia.com/advisories/12795	Patch Vendor Advisory
http://securitytracker.com/id?1011586	Patch
http://www.osvdb.org/10671	Patch
http://www.securityfocus.com/bid/11353	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17692

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nathaniel_bray:yeemp:0.5.1:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.6:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.6.1:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.6.2:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.7:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.7.1:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.7.2:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.8:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.1:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.2:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.2pre2:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.4:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.6:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.7:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.8:::::::*
	cpe:2.3:a:nathaniel_bray:yeemp:0.9.9:::::::*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-28 10:42

NVD link : CVE-2004-2642

Mitre link : CVE-2004-2642

CVE.ORG link : CVE-2004-2642

JSON object : View

Products Affected

nathaniel_bray

yeemp

CWE

NVD-CWE-Other

{"id": "CVE-2004-2642", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://deekoo.net/technocracy/yeemp/#advisory", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://deekoo.net/technocracy/yeemp/changes.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12795", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011586", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/10671", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11353", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17692", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender."}], "lastModified": "2017-07-20T01:29:03.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "099E3C48-BF49-4CA3-AC9B-8901193FB3D3"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF7541A5-8A27-4567-A247-823F24F48CA1"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFA1B45F-E264-4C11-ADA1-A73F68A25A52"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D116193B-5636-4284-ACBE-29B5C09B88F5"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF3E7C9-74EB-4C28-8471-3D3135A11DF4"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "877FD564-2C3B-4C89-A1F8-0334FBFE5D52"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7C02664-113F-4550-AB4C-C30E278F69B2"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADA6AE71-E793-44E3-815D-6A64F55ED83A"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A5DF76A-74C7-45A8-938C-AB6FDDC079F1"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A90B5EC4-379C-4835-94C7-580CBB7F7054"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B09F444-6306-4AE5-A9E1-EA5E19C64520"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.2pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14FFAF52-6996-4B5E-A6B2-4A3933751CC9"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "671B7FE8-4054-4D0A-A6A3-8826BFEA8A27"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB30DD13-F065-4DD3-B9FD-10A75A0F5A39"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "582EFC53-E21D-4752-B30C-8301BEE2448F"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C2BF442-FE6C-471D-B359-C626187C1196"}, {"criteria": "cpe:2.3:a:nathaniel_bray:yeemp:0.9.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC2E942-E288-4AD2-A1FD-270F1E73EAE6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}