Qpopper < 4.0.6 Multiple Insecure File Handling Local Privilege Escalation
Severity: High
Nessus Plugin ID: 18361

Synopsis
The remote POP3 server is affected by multiple file handling flaws.

Description
According to its banner, the remote host is running a version of the Qpopper POP3 server that suffers from two local, insecure file handling vulnerabilities. First, it fails to properly drop root privileges when processing certain local files, which could lead to overwriting or creation of arbitrary files as root. Second, it fails to set the process umask, potentially allowing creation of group- or world-writable files.

Solution
Upgrade to Qpopper 4.0.6 or later.