CVE-2010-3292
Severity CVSS v4.0:
Pending analysis
Type:
CWE-311
Missing Encryption of Sensitive Data
Publication date:
12/11/2019
Last modified:
21/11/2024
Description
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mailscanner:mailscanner:4.79.11-2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/cve-2010-3292
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596396
- https://security-tracker.debian.org/tracker/CVE-2010-3292
- https://www.openwall.com/lists/oss-security/2010/09/13/9
- https://access.redhat.com/security/cve/cve-2010-3292
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596396
- https://security-tracker.debian.org/tracker/CVE-2010-3292
- https://www.openwall.com/lists/oss-security/2010/09/13/9