FreeBSD Ports: Qpopper Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/15475/ http://www.vuxml.org/freebsd/eb29a575-3381-11da-8340-000e0c2e438a.html

Insight

The following package is affected: qpopper CVE-2005-1151 qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. CVE-2005-1152 popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.

Severity

Classification

CVE CVE-2005-1151, CVE-2005-1152

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: bitlbee
FreeBSD Ports: bogofilter
FreeBSD Ports: chromium
FreeBSD Ports: courier
FreeBSD Ports: bugzilla

FreeBSD Ports: qpopper

Take action and discover your vulnerabilities