FreeBSD : kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw (4a114331-0d24-11e4-8dd2-5453ed2e2b49)

medium Nessus Plugin ID 76543

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Richard J. Moore reports:

The POP3 kioslave used by KMail will accept invalid certificates without presenting a dialog to the user due to a bug that leads to an inability to display the dialog combined with an error in the way the result is checked.

This flaw allows an active attacker to perform MITM attacks against the ioslave which could result in the leakage of sensitive data such as the authentication details and the contents of emails.

Solution

Update the affected package.

See Also

https://marc.info/?l=kde-announce&m=140312275318160&w=2

http://www.nessus.org/u?390da699

Plugin Details

Severity: Medium

ID: 76543

File Name: freebsd_pkg_4a1143310d2411e48dd25453ed2e2b49.nasl

Version: 1.6

Type: local

Published: 7/17/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:kdelibs, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/16/2014

Vulnerability Publication Date: 6/17/2014

Reference Information

CVE: CVE-2014-3494

BID: 68113