PT-2020-3626 · Qmail+2 · Netqmail+2

Georgi Guninski · Published 2020-05-20 · Updated 2022-04-28 · CVE-2020-3811

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

netqmail version 1.06

Description

The issue is related to a lack of input validation in the qmail-verify module of the netqmail email client. This can be exploited by a remote attacker to compromise data integrity. The vulnerability allows for a mail-address verification bypass.

Recommendations

For netqmail version 1.06, consider disabling the qmail-verify module until a patch is available to prevent potential exploitation. Restrict access to the mail-address verification feature to minimize the risk of data integrity compromise.

Exploit

Fix

Incorrect Authorization

Improper Initialization

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03973
CVE-2020-3811
DLA-2234-1
DSA-4692-1
USN-4556-1
USN-4621-1

Affected Products

Linuxmint
Ubuntu
Netqmail