First published: Fri Sep 24 2004(Updated: )
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
getmail getmail | =2.3.7 | |
getmail getmail | =3.x | |
getmail getmail | =4.0 | |
getmail getmail | =4.0.0_b10 | |
getmail getmail | =4.0.1 | |
getmail getmail | =4.0.2 | |
getmail getmail | =4.0.3 | |
getmail getmail | =4.0.4 | |
getmail getmail | =4.0.5 | |
getmail getmail | =4.0.6 | |
getmail getmail | =4.0.7 | |
getmail getmail | =4.0.8 | |
getmail getmail | =4.0.9 | |
getmail getmail | =4.0.10 | |
getmail getmail | =4.0.11 | |
getmail getmail | =4.0.12 | |
getmail getmail | =4.0.13 | |
getmail getmail | =4.1 | |
getmail getmail | =4.1.1 | |
getmail getmail | =4.1.2 | |
getmail getmail | =4.1.3 | |
getmail getmail | =4.1.4 | |
getmail getmail | =4.1.5 | |
Gentoo Linux | =1.4 | |
Slackware Linux | =9.1 | |
Slackware Linux | =10.0 | |
Slackware Linux | =current |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-0881 is considered a moderate severity vulnerability due to the potential for unauthorized file access via a symlink attack.
To fix CVE-2004-0881, upgrade to getmail version 4.2.0 or later, or 3.2.5 or later.
CVE-2004-0881 affects versions of getmail prior to 4.2.0 and certain 3.x versions, particularly when run as root.
CVE-2004-0881 impacts systems running getmail on various Linux distributions, including Gentoo and Slackware.
No, CVE-2004-0881 requires local access for exploitation, making it a local privilege escalation vulnerability.