Family: Debian Local Security Checks --> Category: infos
[DSA728] DSA-728-2 qpopper Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
This advisory does only cover updated packages for Debian 3.0
alias woody. For reference below is the original advisory text:
Two bugs have been discovered in qpopper, an enhanced Post Office
Protocol (POP3) server. The Common Vulnerabilities and Exposures
project identifies the following problems:
Jens Steube discovered that while processing local files owned or
provided by a normal user rights weren't dropped, which could
lead to the overwriting or creation of arbitrary files as root.
The upstream developers noticed that qpopper could be tricked to
creating group- or world-writable files.
For the stable distribution (woody) these problems have been fixed in
For the testing distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems will be fixed in
We recommend that you upgrade your qpopper package.
Solution : http://www.debian.org/security/2005/dsa-728
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.