The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Inlook | Inlook | 0.6.0 (including) | 0.6.0 (including) |
| Inlook | Inlook | 0.6.1 (including) | 0.6.1 (including) |
| Inlook | Inlook | 0.6.2 (including) | 0.6.2 (including) |
| Inlook | Inlook | 0.6.3 (including) | 0.6.3 (including) |
| Inlook | Inlook | 0.6.4 (including) | 0.6.4 (including) |
| Inlook | Inlook | 0.6.5 (including) | 0.6.5 (including) |
| Inlook | Inlook | 0.6.6 (including) | 0.6.6 (including) |
| Inlook | Inlook | 0.6.7 (including) | 0.6.7 (including) |
| Inlook | Inlook | 0.6.8 (including) | 0.6.8 (including) |
| Inlook | Inlook | 0.6.9 (including) | 0.6.9 (including) |
| Inlook | Inlook | 0.6.10.0 (including) | 0.6.10.0 (including) |
| Inlook | Inlook | 0.6.11 (including) | 0.6.11 (including) |
| Inlook | Inlook | 0.6.12 (including) | 0.6.12 (including) |
| Inlook | Inlook | 0.6.13 (including) | 0.6.13 (including) |
| Inlook | Inlook | 0.6.14 (including) | 0.6.14 (including) |
| Inlook | Inlook | 0.7.0 (including) | 0.7.0 (including) |
| Inlook | Inlook | 0.7.1 (including) | 0.7.1 (including) |
| Inlook | Inlook | 0.7.2 (including) | 0.7.2 (including) |
| Inlook | Inlook | 0.7.3 (including) | 0.7.3 (including) |
References
- http://secunia.com/advisories/10752/
- http://www.osvdb.org/3771
- http://www.securityfocus.com/bid/9527
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14990
- https://sourceforge.net/project/shownotes.php?release_id=213427
- http://secunia.com/advisories/10752/
- http://www.osvdb.org/3771
- http://www.securityfocus.com/bid/9527
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14990
- https://sourceforge.net/project/shownotes.php?release_id=213427