CVE-2002-1278 - The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 throug

CVE-2002-1278

Summary

The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.

References

Vulnerable Configurations

cpe:2.3:a:jacques_gelinas:linuxconf:1.2.4r2:*:*:*:*:*:*:*
cpe:2.3:a:jacques_gelinas:linuxconf:1.2.4r2:*:*:*:*:*:*:*
cpe:2.3:a:jacques_gelinas:linuxconf:1.2.5r3:*:*:*:*:*:*:*
cpe:2.3:a:jacques_gelinas:linuxconf:1.2.5r3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	6118
conectiva	CLA-2002:544
osvdb	6066
xf	linuxconf-sendmail-mail-relay(10554)

Last major update

10-09-2008 - 19:14

Published

12-11-2002 - 05:00

Last modified

10-09-2008 - 19:14