PT-2020-3627 · Qmail+2 · Netqmail+2
Georgi Guninski
·
Published
2020-05-24
·
Updated
2022-04-28
·
CVE-2020-3812
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
netqmail 1.06, specifically the qmail-verify component shipped with it (as packaged by Debian-derived distributions such as Ubuntu and Linux Mint)
Description
The issue is in qmail-verify, the recipient-verification component shipped with the netqmail mail transfer agent (netqmail is an MTA, not an email client). qmail-verify is executed as root and, when deciding whether a local address is deliverable, tests for the existence of files inside the recipient's home directory without first dropping its privileges to that user. Because the home directory is under the user's control, a local attacker can place a symbolic link there that points at an arbitrary path (for example somewhere under /root) and learn from the verification result whether that path exists; root's privileges bypass the permission checks that would otherwise stop the user from probing it. The outcome is an existence oracle for any file or directory on the system. No file contents are read and nothing is modified, which is why the vector above carries no integrity or availability impact.
Recommendations
Apply the vendor update. The fix changes qmail-verify to drop to the recipient's own privileges before testing for files in that user's home directory, so the check is subject to the same permission rules as the user (Debian shipped this in DSA-4692-1 for netqmail 1.06; the Ubuntu and Linux Mint packages derive from it). If you build netqmail yourself, update the qmail-verify patch to a version containing this change. Until the update can be installed, disable qmail-verify or run the verification step under an unprivileged uid rather than root; note that with qmail-verify disabled, recipient validation at SMTP time typically reverts to qmail's default of accepting mail for local domains and bouncing undeliverable messages later, so weigh that backscatter against the disclosure risk.
Improper Privilege Management
Information Disclosure
Affected Products
Linuxmint
Ubuntu
Netqmail