Sylpheed < 2.0.4 Address Book LDIF Import Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote client is running Sylpheed, an email client for Unix and Unix-like operating systems. This version is vulnerable to a buffer overflow via specially crafted email messages. An attacker exploiting this flaw would need to convince a user to open a malicious email message and import an attached LDIF file into their address book. Successful exploitation would lead to a denial of service or remote code execution.

Solution

Upgrade to version 2.0.4 or higher.