FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Secunia Advisory reports :

A format string error in the 'inc_put_error()' function in src/inc.c
when displaying a POP3 server's error response can be exploited via
specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but
requires that the user is tricked into connecting to a malicious POP3
server.
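The bug class described above, shown as an added example (not code from Claws Mail, Secunia or the Nessus plugin): a printf-style error helper receives a POP3 reply as its format string, next to the corrected call that passes the reply as data. The names `show_error`, `report_pop3_error_unsafe`, `report_pop3_error_safe` and the sample reply are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error helper standing in for a mail client's
 * error display routine; it formats into a buffer instead of a dialog. */
static int show_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the server's reply is used as the format string, so
 * any conversion specifier in it is interpreted by vsnprintf(). */
int report_pop3_error_unsafe(char *out, size_t n, const char *server_reply)
{
    return show_error(out, n, server_reply);
}

/* Hardened pattern: constant format string, reply passed as data. */
int report_pop3_error_safe(char *out, size_t n, const char *server_reply)
{
    return show_error(out, n, "%s", server_reply);
}

/* Constructed sample reply. "%%" is the only directive used because it
 * consumes no argument, so even the unsafe path stays well defined here. */
static const char SAMPLE_REPLY[] = "-ERR mailbox 100%% full";

int main(void)
{
    char a[64], b[64];
    report_pop3_error_unsafe(a, sizeof a, SAMPLE_REPLY);
    report_pop3_error_safe(b, sizeof b, SAMPLE_REPLY);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe path collapses the doubled percent sign, which shows the server text was parsed as a format; the safe path reproduces the reply byte for byte. Building with `-Wformat -Wformat-security` and marking such helpers with the `format(printf, ...)` attribute lets the compiler flag calls of the first kind.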

See also :

http://secunia.com/secunia_research/2007-70/advisory/
http://www.nessus.org/u?faa63153

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25943 (freebsd_pkg_d9867f5054d011dcb80b0016179b2dd5.nasl)

Bugtraq ID:

CVE ID: CVE-2007-2958
