CVE-2020-3812

Priority
Description
qmail-verify as used in netqmail 1.06 is prone to an information disclosure
vulnerability. A local attacker can test for the existence of files and
directories anywhere in the filesystem because qmail-verify runs as root
and tests for the existence of files in the attacker's home directory,
without dropping its privileges first.
Ubuntu-Description
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to cause
netqmail to disclose sensitive information.
Notes
Package
Upstream: released (1.06-6.2, 1.6-6.2~deb10u1, 1.6-6.2~deb9u1, 1.6-6.2~deb8u1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): released (1.06-6.2~deb10u1build0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-09-29 16:39:02 UTC (commit c9a12f81fd1c26a4c4b5908a3a309d30efc5290e)