Fedora Extras : ssmtp-2.61-11fc[5,6,devel]

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Ben XO discovered that during the AUTH LOGIN phase, ssmtp <= 2.61-10
leaks (in BASE64 encoded form) the password used. Details are
available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369542

Fedora Extras versions earlier then the version mentioned above are
vulnerable to this problem, upgrade to fix this vulnerability.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369542
http://www.nessus.org/u?afa46c34

Solution :

Update the affected ssmtp package.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 62282 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now