Oracle Solaris Third-Party Patch Update : procmail (cve_2014_3618_buffer_errors)
High Nessus Plugin ID 80741
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to 'unbalanced quotes.' (CVE-2014-3618)
SolutionUpgrade to Solaris 22.214.171.124.1.