Title: Courier SqWebMail File Disclosure Vulnerability
Severity: MODERATE
Description:
Courier SqWebMail is a CGI application used to send and receive email using 'Maildir' mailboxes.
An information disclosure vulnerability has been reported for SqWebMail. In some circumstances, it has been reported that SqWebMail does not drop privileges fast enough upon startup.
An attacker can exploit this vulnerability to execute SqWebMail and obtain access to potentially sensitive files.
Precise technical details regarding this vulnerability are not yet known. This BID will be updated as more information becomes available.
Affected Products:
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
- Double Precision Incorporated Courier MTA 0.37.3
- Double Precision Incorporated Courier MTA 0.40.0
References:
- Double Precision Inc.: Courier-MTA
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
