This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The RT development team reports:
Versions of RT between 4.2.0 and 4.2.2 (inclusive) are vulnerable to a
denial-of-service attack via the email gateway; any installation which
accepts mail from untrusted sources is vulnerable, regardless of the
permissions configuration inside RT. This vulnerability is assigned
This vulnerability is caused by poor parsing performance in the
Email::Address::List module, which RT depends on. We recommend that
affected users upgrade their version of Email::Address::List to v0.02
or above, which resolves the issue. Due to a communications mishap,
the release on CPAN will temporarily appear as 'unauthorized,' and the
command-line cpan client will hence not install it. We expect this to
be resolved shortly; in the meantime, the release is also available
from our server.
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 5.0