Title: Inter7 vpopmail MySQL Authentication Data Recovery Vulnerability
Severity: MODERATE
Description:
Inter7 vpopmail is a freely available software package that provides a way for system administrators to manage virtual email domains and non-system, password-based email accounts on Qmail or Postfix mail servers.
A vulnerability exists in vpopmail that may result in the disclosure of sensitive authentication information when the package is configured to use a MySQL database. When the package is compiled, account information used for database authentication is compiled into an object archive and subsequently linked against the command-line programs included in the package. Due to the non-interactive nature of the package, this information is written in cleartext.
The programs are then installed with world-readable file access permissions. As a result, it may be possible for an attacker with local access to retrieve the authentication information by examining one of the programs.
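An administrator can check an installation for the condition described above with a short audit script. This is an added example, not code from the advisory or from Inter7; the function names, the sample file names and the placeholder secret are assumptions, and the directory to audit is whatever location the local install placed the programs in.

```python
import os
import stat
import tempfile


def audit_binaries(bin_dir, known_secret=None):
    """List regular files in bin_dir that any local user can read.

    known_secret: the administrator's own database password as bytes
    (optional). When given, each finding records whether the file
    contains that value in cleartext.
    """
    findings = []
    for name in sorted(os.listdir(bin_dir)):
        path = os.path.join(bin_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks and special files
        if not st.st_mode & stat.S_IROTH:
            continue  # "other" has no read bit: not exposed to local users
        embedded = None
        if known_secret:
            with open(path, "rb") as fh:
                embedded = known_secret in fh.read()
        findings.append({
            "path": path,
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "secret_embedded": embedded,
        })
    return findings


def build_sample_dir():
    """Constructed sample data: three stand-in 'programs', not real binaries."""
    d = tempfile.mkdtemp(prefix="vpopmail-audit-")
    samples = {
        "prog_exposed": (0o755, b"\x7fELF\x00EXAMPLE-DB-PASSWORD\x00"),
        "prog_restricted": (0o750, b"\x7fELF\x00EXAMPLE-DB-PASSWORD\x00"),
        "prog_clean": (0o755, b"\x7fELF\x00no credentials here\x00"),
    }
    for name, (mode, data) in samples.items():
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)  # chmod is not affected by the umask
    return d


if __name__ == "__main__":
    for finding in audit_binaries(build_sample_dir(), b"EXAMPLE-DB-PASSWORD"):
        print(finding)
```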
Affected Products:
- Inter7 vpopmail (vchkpw) 3.4.1
- Inter7 vpopmail (vchkpw) 3.4.10
- Inter7 vpopmail (vchkpw) 3.4.11
- Inter7 vpopmail (vchkpw) 3.4.11 e
- Inter7 vpopmail (vchkpw) 3.4.2
- Inter7 vpopmail (vchkpw) 3.4.3
- Inter7 vpopmail (vchkpw) 3.4.4
- Inter7 vpopmail (vchkpw) 3.4.5
- Inter7 vpopmail (vchkpw) 3.4.6
- Inter7 vpopmail (vchkpw) 3.4.7
- Inter7 vpopmail (vchkpw) 3.4.8
- Inter7 vpopmail (vchkpw) 3.4.9
- Inter7 vpopmail (vchkpw) 4.5.0
- Inter7 vpopmail (vchkpw) 4.6.0
- Inter7 vpopmail (vchkpw) 4.7.0
- Inter7 vpopmail (vchkpw) 4.8.0
- Inter7 vpopmail (vchkpw) 4.9.0
- Inter7 vpopmail (vchkpw) 4.9.10