Summary
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update php-pear-Mail' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12395
Insight
Update Information:
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR's Mail class.
ChangeLog:
* Fri Nov 27 2009 Remi Collet 1.1.14-5
- Fix CVE-2009-4023 (#540842)
- rename Mail.xml to php-pear-Mail.xml
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-4023, CVE-2009-4111 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities