CVE-ID

CVE-1999-0242

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • BUGTRAQ:19951222 mailx-5.5 (slackware /bin/mail) security hole
  • XF:linux-pop3d
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000106)
Votes (Legacy)
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(4) Christey, Northcutt, Shostack, Wall
REVIEWING(1) Levy
Comments (Legacy)
 Frech> Ambiguous description: need more detail. Possibly:
   XF:linux-pop3d (mktemp() leads to reading e-mail)
 Christey> At first glance this might look like CVE-1999-0123 or
   CVE-1999-0125, however this particular candidate arises out
   of a brief mention of the problem in a larger posting which
   discusses CVE-1999-0123 (which may be the same bug as
   CVE-1999-0125).  See the following phrase in the Bugtraq
   post: "one such example of this is in.pop3d"
   
   However, the original source of this candidate's description
   explicitly mentions shadowed passwords, though it has no
   references to help out here.

Proposed (Legacy)
19990714
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.