GNU Mailutils <= 0.6 Multiple Vulnerabilities
High Nessus Plugin ID 18371
Synopsis: The remote mail server is affected by multiple issues.
Description: GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client.
The remote host is running a version of GNU Mailutils containing several critical flaws in its IMAP4 daemon and its mail client 'mail'. By exploiting these issues, a remote attacker can cause a denial of service in the IMAP4 daemon and execute code remotely, either in the context of a local user or the user executing the daemon process, typically root.
In addition, it may suffer from a SQL injection flaw if configured to work with MySQL or Postgres. An attacker may be able to exploit this flaw to modify database queries when mailutils tries to authenticate a user, leading to disclosure of sensitive information or modification of data.
Solution: Upgrade to GNU Mailutils 0.6.90 or later.