MidnightBSD

Advisories for getmail

CVE-2004-0880 LOW

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
getmail getmail 4.0.11
getmail getmail 4.1.1
getmail getmail 4.1.2
slackware slackware_linux 9.1
getmail getmail 4.0.6
getmail getmail 4.1.4
getmail getmail 4.1.3
gentoo linux 1.4
getmail getmail 4.0.9
getmail getmail 4.0.13
getmail getmail 4.1.5
getmail getmail 2.3.7
getmail getmail 3.x
slackware slackware_linux current
getmail getmail 4.0
getmail getmail 4.0.0_b10
getmail getmail 4.0.1
getmail getmail 4.1
getmail getmail 4.0.10
getmail getmail 4.0.2
getmail getmail 4.0.3
getmail getmail 4.0.8
getmail getmail 4.0.5
getmail getmail 4.0.7
getmail getmail 4.0.4
slackware slackware_linux 10.0
getmail getmail 4.0.12

CVE-2004-0881 LOW

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
getmail getmail 4.0.11
getmail getmail 4.1.1
getmail getmail 4.1.2
slackware slackware_linux 9.1
getmail getmail 4.0.6
getmail getmail 4.1.4
getmail getmail 4.1.3
gentoo linux 1.4
getmail getmail 4.0.9
getmail getmail 4.0.13
getmail getmail 4.1.5
getmail getmail 2.3.7
getmail getmail 3.x
slackware slackware_linux current
getmail getmail 4.0
getmail getmail 4.0.0_b10
getmail getmail 4.0.1
getmail getmail 4.1
getmail getmail 4.0.10
getmail getmail 4.0.2
getmail getmail 4.0.3
getmail getmail 4.0.8
getmail getmail 4.0.5
getmail getmail 4.0.7
getmail getmail 4.0.4
slackware slackware_linux 10.0
getmail getmail 4.0.12

CVE-2014-7273 MEDIUM

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
getmail getmail 4.40.0
getmail getmail 4.1.1
getmail getmail 4.22.0
getmail getmail 4.10.0
getmail getmail 4.16.0
getmail getmail 4.0.6
getmail getmail 4.38.0
getmail getmail 4.23.0
getmail getmail 4.0.9
getmail getmail 4.11.0
getmail getmail 4.0.13
getmail getmail 4.0
getmail getmail 4.14.0
getmail getmail 4.24.0
getmail getmail 4.35.0
getmail getmail 4.0.10
getmail getmail 4.6.0
getmail getmail 4.0.3
getmail getmail 4.0.8
getmail getmail 4.5.0
getmail getmail 4.33.0
getmail getmail 4.29.0
getmail getmail 4.15.0
getmail getmail 4.2.0
getmail getmail 4.26.0
getmail getmail 4.0.12
getmail getmail 4.7.0
getmail getmail 4.0.11
getmail getmail 4.9.0
getmail getmail 4.25.0
getmail getmail 4.42.0
getmail getmail 4.1.2
getmail getmail 4.1.4
getmail getmail 4.8.0
getmail getmail 4.1.3
getmail getmail 4.28.0
getmail getmail 4.36.0
getmail getmail 4.3.0
getmail getmail 4.31.0
getmail getmail 4.1.5
getmail getmail 4.41.0
getmail getmail 4.17.0
getmail getmail 4.27.0
getmail getmail 4.0.0_b10
getmail getmail 4.0.1
getmail getmail 4.19.0
getmail getmail 4.12.0
getmail getmail 4.18.0
getmail getmail 4.1
getmail getmail 4.21.0
getmail getmail 4.37.0
getmail getmail 4.0.2
getmail getmail 4.0.5
getmail getmail 4.34.0
getmail getmail 4.13.0
getmail getmail 4.30.0
getmail getmail 4.0.7
getmail getmail 4.0.4
getmail getmail 4.32.0
getmail getmail 4.39.0
getmail getmail 4.4.0
getmail getmail 4.20.0

CVE-2014-7274 MEDIUM

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
getmail getmail 4.44.0

CVE-2014-7275 MEDIUM

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
getmail getmail 4.40.0
getmail getmail 4.1.1
getmail getmail 4.22.0
getmail getmail 4.10.0
getmail getmail 4.16.0
getmail getmail 4.0.6
getmail getmail 4.38.0
getmail getmail 4.23.0
getmail getmail 4.43.0
getmail getmail 4.0.9
getmail getmail 4.11.0
getmail getmail 4.0.13
getmail getmail 4.14.0
getmail getmail 4.24.0
getmail getmail 4.35.0
getmail getmail 4.0.10
getmail getmail 4.6.0
getmail getmail 4.0.3
getmail getmail 4.0.8
getmail getmail 4.5.0
getmail getmail 4.33.0
getmail getmail 4.29.0
getmail getmail 4.15.0
getmail getmail 4.2.0
getmail getmail 4.26.0
getmail getmail 4.0.12
getmail getmail 4.7.0
getmail getmail 4.0.11
getmail getmail 4.9.0
getmail getmail 4.25.0
getmail getmail 4.42.0
getmail getmail 4.1.2
getmail getmail 4.1.4
getmail getmail 4.8.0
getmail getmail 4.1.3
getmail getmail 4.28.0
getmail getmail 4.36.0
getmail getmail 4.3.0
getmail getmail 4.31.0
getmail getmail 4.1.5
getmail getmail 4.41.0
getmail getmail 4.17.0
getmail getmail 4.27.0
getmail getmail 4.0.1
getmail getmail 4.19.0
getmail getmail 4.12.0
getmail getmail 4.18.0
getmail getmail 4.1
getmail getmail 4.21.0
getmail getmail 4.37.0
getmail getmail 4.44.0
getmail getmail 4.0.2
getmail getmail 4.0.5
getmail getmail 4.34.0
getmail getmail 4.13.0
getmail getmail 4.30.0
getmail getmail 4.0.7
getmail getmail 4.0.4
getmail getmail 4.32.0
getmail getmail 4.39.0
getmail getmail 4.4.0
getmail getmail 4.20.0