FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)
Medium Nessus Plugin ID 25943
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Secunia Advisory reports :
A format string error in the 'inc_put_error()' function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.
Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
SolutionUpdate the affected packages.