PT-2013-6140 · Pineapp · Pineapp Mail-Secure
Published: 2013-11-20 · Updated: 2013-11-25
CVE-2013-6831
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PineApp Mail-SeCure versions 3.70 and earlier
Description
The issue is related to a sudoers file that does not properly restrict user specifications. This allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
Recommendations
For PineApp Mail-SeCure versions 3.70 and earlier, consider restricting access to the sudo command and limiting privileges for the qmailq account until a proper fix is applied. As a temporary workaround, review and modify the sudoers file to properly restrict user specifications and prevent unauthorized privilege escalation.
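One way to carry out the sudoers review recommended above is a small audit script. This is an added example, not code from the advisory or the vendor. The advisory does not quote the appliance's sudoers file, so the sample entries, paths and the `audit` helper are constructed assumptions.

```python
import re

# Constructed sample entries: NOT the appliance's real sudoers file.
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root    ALL=(ALL) ALL
qmailq  ALL=(ALL) NOPASSWD: ALL
qmailq  ALL=(root) NOPASSWD: /usr/local/bin/helper *
qmailq  ALL=(qmaild) /var/qmail/bin/qmail-qstat
"""

# user host = (runas) [TAG:] cmd[, cmd...]; simplified, one runas list per line
SPEC = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "

def audit(text, account):
    """Return (rule, reasons) for each over-broad user specification of account."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = SPEC.match(line)
        if not m or m["user"] != account:
            continue
        # sudo runs the command as root when no runas list is given
        runas = [r.strip() for r in re.split(r"[,:]", m["runas"] or "root")]
        tags = TAGS.match(m["rest"])
        cmds = [c.strip() for c in m["rest"][tags.end() if tags else 0:].split(",")]
        as_root = any(r in ("root", "ALL") for r in runas)
        reasons = []
        if "ALL" in cmds:
            reasons.append("any command allowed")
        if as_root and any(re.search(r"[*?\[]", c) for c in cmds):
            reasons.append("wildcard in command run as root")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for rule, reasons in audit(SAMPLE_SUDOERS, "qmailq"):
        print(f"{rule}\n    -> {', '.join(reasons)}")
```

After tightening the flagged entries, `visudo -c` checks the file's syntax and `sudo -l -U qmailq` lists what the account may still run.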
Affected Products
Pineapp Mail-Secure