GLSA-200511-13 : Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200511-13
(Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer)

Colin Leroy reported buffer overflow vulnerabilities in Sylpheed
and Sylpheed-Claws. The LDIF importer uses a fixed-length buffer to
store data of variable length. Two similar problems also exist in the
Mutt and Pine addressbook importers of Sylpheed-Claws.

Impact :

By convincing a user to import a specially crafted LDIF file into
the address book, a remote attacker could cause the program to crash,
potentially allowing the execution of arbitrary code with the
privileges of the user running the software.

Workaround :

There is no known workaround at this time.

Solution :

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-2.0.4'

All Sylpheed-Claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-claws-1.0.5-r1'

Risk factor :

Medium / CVSS Base Score : 5.1

Family: Gentoo Local Security Checks

Nessus Plugin ID: 20234 (gentoo_GLSA-200511-13.nasl)

CVE ID: CVE-2005-3354
