PT-2001-2141 · Mysql Server+1 · Mysql Server+1

Published

2001-09-04

Updated

2017-12-19

CVE-2001-0990

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Inter7 vpopmail versions 4.10.35 and earlier

Description The issue allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the libvpopmail.a library, which compiles authentication information in cleartext when using the MySQL module.

Recommendations For Inter7 vpopmail versions 4.10.35 and earlier, consider restricting access to the libvpopmail.a library to minimize the risk of exploitation. As a temporary workaround, avoid using the MySQL module until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0990

Affected Products

Mysql Server

Vpopmail

PT-2001-2141 · Mysql Server+1 · Mysql Server+1

CVE-2001-0990

Related Identifiers

Affected Products

References · 5