FreeBSD : kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw (4a114331-0d24-11e4-8dd2-5453ed2e2b49)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Richard J. Moore reports :

The POP3 kioslave used by KMail will accept invalid certificates
without presenting a dialog to the user due to a bug that leads to an
inability to display the dialog combined with an error in the way the
result is checked.

This flaw allows an active attacker to perform MITM attacks against
the ioslave which could result in the leakage of sensitive data such
as the authentication details and the contents of emails.

See also :

http://lists.kde.org/?l=kde-announce&m=140312275318160&w=2
http://www.nessus.org/u?5765a846

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 76543

Bugtraq ID: 68113

CVE ID: CVE-2014-3494
