Vulnerabilities > CVE-2004-0881
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
Vulnerable Configurations
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-278-01.NASL description New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files. last seen 2020-06-01 modified 2020-06-02 plugin id 18776 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18776 title Slackware 10.0 / 9.1 / current : getmail (SSA:2004-278-01) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-32.NASL description The remote host is affected by the vulnerability described in GLSA-200409-32 (getmail: Filesystem overwrite vulnerability) David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious local user can then exploit a race condition, or a similar symlink attack, and potentially cause getmail to create or overwrite files in any directory on the system. Impact : An untrusted local user could potentially create or overwrite files in any directory on the system. This vulnerability may also be exploited to have arbitrary commands executed as root. Workaround : Do not run getmail as a privileged user; or, in version 4, use an external MDA with explicitly configured user and group privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 14809 published 2004-09-24 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14809 title GLSA-200409-32 : getmail: Filesystem overwrite vulnerability NASL family FreeBSD Local Security Checks NASL id FREEBSD_GETMAIL_325.NASL description The following package needs to be updated: getmail last seen 2016-09-26 modified 2011-10-03 plugin id 15489 published 2004-10-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=15489 title FreeBSD : getmail -- symlink vulnerability during maildir delivery (56) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8C33B299163B11D9AC1B000D614F7FAD.NASL description David Watson reports a symlink vulnerability in getmail. If run as root (not the recommended mode of operation), a local user may be able to cause getmail to write files in arbitrary directories via a symlink attack on subdirectories of the maildir. last seen 2020-06-01 modified 2020-06-02 plugin id 37686 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37686 title FreeBSD : getmail -- symlink vulnerability during maildir delivery (8c33b299-163b-11d9-ac1b-000d614f7fad) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-553.NASL description A security problem has been discovered in getmail, a POP3 and APOP mail gatherer and forwarder. An attacker with a shell account on the victims host could utilise getmail to overwrite arbitrary files when it is running as root. last seen 2020-06-01 modified 2020-06-02 plugin id 15390 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15390 title Debian DSA-553-1 : getmail - symlink vulnerability