Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kolab | kolab_groupware_server | 1.0.1 |
| kolab | kolab_groupware_server | 1.0.7 |
| kolab | kolab_groupware_server | 1.0.6 |
| kolab | kolab_groupware_server | 1.0.8 |
| kolab | kolab_groupware_server | 1.0 |
| kolab | kolab_groupware_server | 1.0.3 |
| kolab | kolab_groupware_server | 1.0.5 |
| openpkg | openpkg | 2.0 |
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kolab | kolab_groupware_server | 2.0.0 |
| kolab | kolab_groupware_server | 2.0.1 |
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kolab | kolab_groupware_server | * |
| kolab | kolab_groupware_server | 2.0.2 |
| kolab | kolab_groupware_server | 2.0.1 |
Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kolab | kolab_server | 2.2.1 |
| kolab | kolab_server | 2.2.0 |
| kolab | kolab_server | 2.2 |
| kolab | kolab_server | * |
| kolab | kolab_server | 2.1.0 |