|
Family: Gain a shell remotely --> Category: attack
GNU Mailutils imap4d Search Command Format String Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for search command format string vulnerability in GNU Mailutils imap4d
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is affected by a format string vulnerability.
Description :
GNU Mailutils is a collection of mail utilities, including an IMAP4
daemon, a POP3 daemon, and a very simple mail client.
The remote host is running a version of GNU Mailutils containing a
format string vulnerability in its IMAP4 daemon. By exploiting these
issues, a remote attacker may be able to execute code remotely in the
context of the user executing the daemon process, typically root.
See also :
http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities
http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407
Solution :
Apply the patch referenced in the vendor advisory above.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|