Mandriva Linux Security Advisory : imapsync (MDVSA-2014:060)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated imapsync package fixes security vulnerabilities :

Imapsync, by default, runs a release check when executed, which causes
imapsync to connect to http://imapsync.lamiral.info and send
information about the version of imapsync, the operating system and
perl (CVE-2013-4279).

The imapsync package has been patched to disable this feature.

In imapsync before 1.584, a certificate verification failure when
using the --tls option results in imapsync attempting a cleartext
login (CVE-2014-2014).

See also :

http://advisories.mageia.org/MGASA-2014-0106.html
http://advisories.mageia.org/MGASA-2014-0127.html

Solution :

Update the affected imapsync package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 73052 ()

Bugtraq ID: 65002
65582

CVE ID: CVE-2013-4279
CVE-2014-2014

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now