CVE-2020-3811 - OpenCVE

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Netqmail	Netqmail

Configuration 1 [-]

cpe:2.3:a:netqmail:netqmail:1.06:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

References

Link	Resource
https://bugs.debian.org/961060	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4556-1/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4692	Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/05/19/8	Exploit Mailing List Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2020-05-19T00:00:00

Updated: 2020-10-05T20:06:15

Reserved: 2019-12-17T00:00:00

Link: CVE-2020-3811

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-05-26T13:15:10.687

Modified: 2022-04-28T19:30:37.583

Link: CVE-2020-3811

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "netqmail", "vendor": "Debian", "versions": [{"status": "affected", "version": "1.06"}]}], "datePublic": "2020-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability."}], "problemTypes": [{"descriptions": [{"description": "mail-address verification bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-05T20:06:15", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/05/19/8"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/961060"}, {"tags": ["x_refsource_MISC"], "url": "https://www.debian.org/security/2020/dsa-4692"}, {"name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html"}, {"name": "USN-4556-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4556-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2020-05-19T00:00:00.000Z", "ID": "CVE-2020-3811", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "netqmail", "version": {"version_data": [{"version_value": "1.06"}]}}]}, "vendor_name": "Debian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "mail-address verification bypass"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2020/05/19/8", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/05/19/8"}, {"name": "https://bugs.debian.org/961060", "refsource": "MISC", "url": "https://bugs.debian.org/961060"}, {"name": "https://www.debian.org/security/2020/dsa-4692", "refsource": "MISC", "url": "https://www.debian.org/security/2020/dsa-4692"}, {"name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html"}, {"name": "USN-4556-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4556-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2020-3811", "datePublished": "2020-05-19T00:00:00", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2020-10-05T20:06:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netqmail:netqmail:1.06:*:*:*:*:*:*:*", "matchCriteriaId": "A3713EE5-FDD5-45AE-BB04-8BA1B10D88DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability."}, {"lang": "es", "value": "qmail-verify como es usado en netqmail versi\u00f3n 1.06 es propenso a una vulnerabilidad de omisi\u00f3n de verificaci\u00f3n de direcci\u00f3n de correo."}], "id": "CVE-2020-3811", "lastModified": "2022-04-28T19:30:37.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-26T13:15:10.687", "references": [{"source": "security@debian.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/961060"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4556-1/"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4692"}, {"source": "security@debian.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/19/8"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}, {"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}