Qpopper < 4.0.6 Multiple Insecure File Handling Local Privilege Escalation

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote POP3 server is affected by multiple file handling flaws.

Description :

According to its banner, the remote host is running a version of the
Qpopper POP3 server that suffers from two local, insecure file
handling vulnerabilities. First, it fails to properly drop root
privileges when processing certain local files, which could lead to
overwriting or creation of arbitrary files as root. And second, it
fails to set the process umask, potentially allowing creation of
group- or world-writable files.

See also :

http://bugs.gentoo.org/show_bug.cgi?id=90622
http://www.mail-archive.com/qpopper@lists.pensive.org/msg05140.html

Solution :

Upgrade to Qpopper 4.0.6 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 18361 ()

Bugtraq ID: 13714

CVE ID: CVE-2005-1151
CVE-2005-1152