Sylpheed < 2.0.4 Address Book LDIF Import Overflow
Medium Nessus Network Monitor Plugin ID 3285
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: The remote client is running Sylpheed, an email client for Unix and Unix-like operating systems. This version is vulnerable to a buffer overflow via specially crafted email messages. An attacker exploiting this flaw would need to convince a user to open a malicious email message and import an attached LDIF file into their address book. Successful exploitation would lead to a denial of service or remote code execution.
Solution: Upgrade to version 2.0.4 or higher.