cbcvebase.
CVE-2002-1311
published 2002-11-29

CVE-2002-1311: Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

PriorityP412medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.34%
25.9th percentile
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Affected

7 ranges
VendorProductVersion rangeFixed in
debiancourier< courier 0.40.0-1 (bookworm)courier 0.40.0-1 (bookworm)
double_precision_incorporatedcourier_mta
double_precision_incorporatedcourier_mta
double_precision_incorporatedcourier_mta>= 0 < 0.40.0-10.40.0-1
double_precision_incorporatedcourier_mta>= 0 < 0.40.0-10.40.0-1
double_precision_incorporatedcourier_mta>= 0 < 0.40.0-10.40.0-1
double_precision_incorporatedcourier_mta>= 0 < 0.40.0-10.40.0-1

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.