PT-2019-6553 · Mailscanner · Mailscanner

Raphael Geissert · Published 2019-11-12 · Updated 2019-11-15 · CVE-2010-3292

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

mailscanner version 4.79.11-2

Description

The issue concerns the update{_bad,}_phishing_sites scripts in mailscanner, which download files without using encryption or digital signature checking. This could allow an attacker to replace certain configuration files, such as the phishing whitelist, via DNS or packet spoofing.

Recommendations

For mailscanner version 4.79.11-2, consider disabling the update{_bad,}_phishing_sites scripts until a secure update mechanism is implemented to prevent potential exploitation. Restrict access to configuration files to minimize the risk of unauthorized modifications.
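What a signature-checked update step could look like, as an added example that is not MailScanner's own code: a downloaded list replaces the live file only if a detached signature verifies against a locally pinned public key. The function name, file paths and the existence of a signed list are assumptions; the upstream project is not known to publish signatures.

```shell
#!/bin/sh
# Added example (hypothetical names throughout, not taken from MailScanner).
# install_verified_update NEW_FILE SIG_FILE PUBKEY_PEM DEST
# Replaces DEST with NEW_FILE only when SIG_FILE is a valid signature over
# NEW_FILE under the pinned public key. On any failure DEST is left untouched.

install_verified_update() {
    new_file=$1; sig_file=$2; pubkey=$3; dest=$4

    # A spoofed or truncated response often yields an empty file: refuse it.
    [ -s "$new_file" ] || { echo "reject: empty or missing download" >&2; return 1; }

    # Verify the detached SHA-256 signature with the key stored on this host.
    # The key must arrive out of band, never from the same download channel.
    if ! openssl dgst -sha256 -verify "$pubkey" \
            -signature "$sig_file" "$new_file" >/dev/null 2>&1; then
        echo "reject: signature check failed, keeping $dest" >&2
        return 1
    fi

    # Stage in the destination directory so the final mv is an atomic rename
    # and a reader never sees a half-written list.
    tmp=$(mktemp "$(dirname "$dest")/.update.XXXXXX") || return 1
    if cp "$new_file" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Stand-alone use: sh thisfile NEW_FILE SIG_FILE PUBKEY_PEM DEST
if [ "$#" -eq 4 ]; then
    install_verified_update "$@"
fi
```

A signature alone does not stop replay of an older, validly signed list; that needs a signed version or timestamp inside the file.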

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

CVE-2010-3292

Affected Products

Mailscanner