CVE Vulnerabilities

CVE-2001-0990

Published: Sep 04, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Affected Software

Name Vendor Start Version End Version
Vpopmail Inter7 3.4.1 3.4.1
Vpopmail Inter7 3.4.2 3.4.2
Vpopmail Inter7 3.4.3 3.4.3
Vpopmail Inter7 3.4.4 3.4.4
Vpopmail Inter7 3.4.5 3.4.5
Vpopmail Inter7 3.4.6 3.4.6
Vpopmail Inter7 3.4.7 3.4.7
Vpopmail Inter7 3.4.8 3.4.8
Vpopmail Inter7 3.4.9 3.4.9
Vpopmail Inter7 3.4.10 3.4.10
Vpopmail Inter7 3.4.11 3.4.11
Vpopmail Inter7 3.4.11e 3.4.11e
Vpopmail Inter7 4.5 4.5
Vpopmail Inter7 4.6 4.6
Vpopmail Inter7 4.7 4.7
Vpopmail Inter7 4.8 4.8
Vpopmail Inter7 4.9 4.9
Vpopmail Inter7 4.9.10 4.9.10

References