Nullmailer Package Vulnerability in Gentoo Linux
CVE-2013-4223

Currently unrated

Key Information:

Vendor: Gentoo
Status: Nullmailer
Vendor: CVE Published:; 23 May 2014

What is CVE-2013-4223?

The Nullmailer package in Gentoo Linux prior to version 1.11-r2 has a security issue where the configuration file, /etc/nullmailer/remotes, has world-readable permissions. This flaw permits local users to access this file and potentially extract sensitive SMTP authentication credentials, which could lead to unauthorized access and misuse of email services. Users are strongly encouraged to secure the configuration file to mitigate this risk and restrict access.

References

http://seclists.org/oss-sec/2013/q3/337

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/86384

vdb-entryx_refsource_XF

http://seclists.org/oss-sec/2013/q3/339

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
Jun 12, 2013