CVE-2002-1311
Published 2002-11-29
CVE-2002-1311: Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
Priority P412 · medium · 4.6 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.34% (25.9th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | courier | < courier 0.40.0-1 (bookworm) | courier 0.40.0-1 (bookworm) |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | >= 0 < 0.40.0-1 | 0.40.0-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.40.0-1 | 0.40.0-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.40.0-1 | 0.40.0-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.40.0-1 | 0.40.0-1 |
CVSS provenance
nvd · v2.0 · 4.6 · MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 · MEDIUM
vendor_debian · 4.6 · MEDIUM
GHSA
GHSA-j8m5-3p5x-jmxf: Courier sqwebmail before 0
ghsa_unreviewed·2022-04-30
CVE-2002-1311 [MEDIUM] GHSA-j8m5-3p5x-jmxf: Courier sqwebmail before 0
OSV
CVE-2002-1311: Courier sqwebmail before 0
osv·2002-11-29·CVSS 4.6
CVE-2002-1311 [MEDIUM] CVE-2002-1311: Courier sqwebmail before 0
Debian
CVE-2002-1311: courier - Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup i...
vendor_debian·2002·CVSS 4.6
CVE-2002-1311 [MEDIUM] CVE-2002-1311: courier - Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup i...
Scope: local
bookworm: resolved (fixed in 0.40.0-1)
bullseye: resolved (fixed in 0.40.0-1)
forky: resolved (fixed in 0.40.0-1)
sid: resolved (fixed in 0.40.0-1)
trixie: resolved (fixed in 0.40.0-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=103794021013436&w=2
http://www.debian.org/security/2002/dsa-197
http://www.iss.net/security_center/static/10643.php
http://www.securityfocus.com/bid/6189
Published: 2002-11-29