CVE-2001-0990
Last modified
CVE-2001-0990 is a vulnerability of currently unknown severity. Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Inter7 | Vpopmail | 3.4.1 |
| Inter7 | Vpopmail | 3.4.2 |
| Inter7 | Vpopmail | 3.4.3 |
| Inter7 | Vpopmail | 3.4.4 |
| Inter7 | Vpopmail | 3.4.5 |
| Inter7 | Vpopmail | 3.4.6 |
| Inter7 | Vpopmail | 3.4.7 |
| Inter7 | Vpopmail | 3.4.8 |
| Inter7 | Vpopmail | 3.4.9 |
| Inter7 | Vpopmail | 3.4.10 |
| Inter7 | Vpopmail | 3.4.11 |
| Inter7 | Vpopmail | 3.4.11e |
| Inter7 | Vpopmail | 4.5 |
| Inter7 | Vpopmail | 4.6 |
| Inter7 | Vpopmail | 4.7 |
| Inter7 | Vpopmail | 4.8 |
| Inter7 | Vpopmail | 4.9 |
| Inter7 | Vpopmail | 4.9.10 |
References
- http://www.securityfocus.com/archive/1/212036Patch, Vendor Advisory
- http://www.securityfocus.com/bid/3284Vendor Advisory
- http://www.securityfocus.com/archive/1/212036Patch, Vendor Advisory
- http://www.securityfocus.com/bid/3284Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2001-0990?
How severe is CVE-2001-0990?
How do I fix CVE-2001-0990?
Are you affected by CVE-2001-0990?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST