Sylpheed < 1.0.3 Invalid Header Overflow
High Nessus Network Monitor Plugin ID 2672
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: The remote client is running Sylpheed, an email client for Unix and Unix-like operating systems. This version is vulnerable to a buffer overflow via invalid headers. Specifically, a buffer overflow may occur on the local machine when a user replies to a specially crafted email message. To exploit this, an attacker would need to craft an email and entice a local user to both read and reply to it. Successful exploitation would result in the attacker executing arbitrary code on the remote client.
Solution: Upgrade to version 1.0.3 or higher.