qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Threat-Mapped Scoring
Score: 2.3
Priority: P3 - Important (Medium)
S6 – Espionage of Financial Trades
EPSS
Score: 0.00046Percentile:
0.13899
CVSS Scoring
CVSS v3.1 Score: 5.5
Severity: MEDIUM
Mapped CWE(s)
CWE-269
: Improper Privilege Management
All CAPEC(s)
CAPEC-122 : Privilege Abuse
CAPEC-233 : Privilege Escalation
CAPEC-58 : Restful Privilege Elevation
CAPEC(s) with Mapped TTPs
CAPEC-122 : Privilege Abuse
Mapped TTPs:
T1548
: Abuse Elevation Control Mechanism
CAPEC-233 : Privilege Escalation
Mapped TTPs:
T1548
: Abuse Elevation Control Mechanism
Mapped ATT&CK TTPs
T1548
: Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1548
: Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:netqmail:netqmail:1.06:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me