Vulnerability Description
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | All versions |
| Calacode | Atmail | 5.41 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31279Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44145
- http://secunia.com/advisories/31279Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44145
FAQ
What is CVE-2008-3579?
CVE-2008-3579 is a vulnerability with a CVSS score of 7.8 (HIGH). Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a bac...
How severe is CVE-2008-3579?
CVE-2008-3579 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3579?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Calacode Atmail.