FreeBSD : rt42 -- denial-of-service attack via the email gateway (d1dfc4c7-8791-11e3-a371-6805ca0b3d42)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

The RT development team reports :

Versions of RT between 4.2.0 and 4.2.2 (inclusive) are vulnerable to a
denial-of-service attack via the email gateway; any installation which
accepts mail from untrusted sources is vulnerable, regardless of the
permissions configuration inside RT. This vulnerability is assigned

This vulnerability is caused by poor parsing performance in the
Email::Address::List module, which RT depends on. We recommend that
affected users upgrade their version of Email::Address::List to v0.02
or above, which resolves the issue. Due to a communications mishap,
the release on CPAN will temporarily appear as 'unauthorized,' and the
command-line cpan client will hence not install it. We expect this to
be resolved shortly; in the meantime, the release is also available
from our server.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72155

CVE ID: CVE-2014-1474
