Fedora 12 : roundcubemail-0.3.1-2.fc12 (2010-1385)

medium Nessus Plugin ID 47253

Synopsis

The remote Fedora host is missing a security update.

Description

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0464 to the following vulnerability:

Name: CVE-2010-0464

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0464

Assigned: 20100129

Reference: MISC: https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Reference: CONFIRM: http://trac.roundcube.net/ticket/1486449

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected roundcubemail package.

See Also

http://cve.mitre.org

https://github.com/roundcube/roundcubemail/issues/2639

https://bugzilla.redhat.com/show_bug.cgi?id=560142

http://www.nessus.org/u?fad72c94

http://www.nessus.org/u?c7dd89e9

Plugin Details

Severity: Medium

ID: 47253

File Name: fedora_2010-1385.nasl

Version: 1.12

Type: local

Agent: unix

Published: 7/1/2010

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:roundcubemail, cpe:/o:fedoraproject:fedora:12

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/2/2010

Reference Information

CVE: CVE-2010-0464

CWE: 200

FEDORA: 2010-1385