This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.
The remote POP3 server is affected by multiple file handling flaws.
According to its banner, the remote host is running a version of the
Qpopper POP3 server that suffers from two local, insecure file
handling vulnerabilities. First, it fails to properly drop root
privileges when processing certain local files, which could lead to
overwriting or creation of arbitrary files as root. And second, it
fails to set the process umask, potentially allowing creation of
group- or world-writable files.
See also :
Upgrade to Qpopper 4.0.6 or later.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true