From 01fcf49e63301a3551fada0c96f226b19d7b404a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Wed, 20 May 2020 23:07:24 +0200
Subject: [PATCH 1/2] Add CVE-2020-3811
---
 2020/3xxx/CVE-2020-3811.json | 62 ++++++++++++++++++++++++++++++++----
 1 file changed, 55 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3811.json b/2020/3xxx/CVE-2020-3811.json
index a4ed804838a..634d6c5d958 100644
--- a/2020/3xxx/CVE-2020-3811.json
+++ b/2020/3xxx/CVE-2020-3811.json
@@ -1,18 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@debian.org",
+ "DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
 "ID": "CVE-2020-3811",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "netqmail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.06"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Debian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mail-address verification bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.openwall.com/lists/oss-security/2020/05/19/8"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://bugs.debian.org/961060"
 }
 ]
 }
-}
\ No newline at end of file
+}
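Review bot: The first `reference_data` entry tags the oss-security mailing-list post as `"refsource": "CONFIRM"`, which by the usual CVE JSON 4.0 convention marks a vendor acknowledgement. The Debian bug link fits that tag, but the list post would be more accurately `"refsource": "MLIST"` (or `"MISC"`); the same pair of references appears in the CVE-2020-3812 record. Separately, the description names only the weakness class and does not say what a successful bypass allows or whether the attacker is remote or local, which is what a triager needs to prioritise it. `version_data` also carries a bare `"version_value": "1.06"` with no `"version_affected"` qualifier, so a consumer cannot tell whether earlier releases are affected or a fixed release exists.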
From ba00edad06420d3af342096e1a66cc1558c5e8bb Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Wed, 20 May 2020 23:09:41 +0200
Subject: [PATCH 2/2] Add CVE-2020-3812
---
 2020/3xxx/CVE-2020-3812.json | 62 ++++++++++++++++++++++++++++++++----
 1 file changed, 55 insertions(+), 7 deletions(-)
diff --git a/2020/3xxx/CVE-2020-3812.json b/2020/3xxx/CVE-2020-3812.json
index 3c724e68b6a..66dac0c3c78 100644
--- a/2020/3xxx/CVE-2020-3812.json
+++ b/2020/3xxx/CVE-2020-3812.json
@@ -1,18 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@debian.org",
+ "DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
 "ID": "CVE-2020-3812",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "netqmail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.06"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Debian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.openwall.com/lists/oss-security/2020/05/19/8"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://bugs.debian.org/961060"
 }
 ]
 }
-}
\ No newline at end of file
+}
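Review bot: The `problemtype` entry records only the consequence, `"value": "information disclosure"`, while the root cause appears solely in the free-text description: qmail-verify runs as root and checks file existence without dropping privileges. Tooling that classifies records by weakness reads `problemtype`, so a CWE identifier there would make this record filterable. CWE-200 looks like the closest match for the exposure, and a privilege-handling CWE for the root cause could go in a second `description` element, though the assigner should confirm the mapping. The description itself is clear about attacker position (local) and impact, which is the level of detail defenders need.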