Family: Misc. --> Category: infos
Qpopper Insecure File Handling Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary : Checks for insecure file handling vulnerabilities in Qpopper
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote POP3 server is affected by multiple file handling flaws.
Description :
According to its banner, the remote host is running a version of the
Qpopper POP3 server that suffers from two local, insecure file
handling vulnerabilities. First, it fails to properly drop root
privileges when processing certain local files, which could lead to
the overwriting or creation of arbitrary files as root. Second, it
fails to set the process umask, potentially allowing the creation of
group- or world-writable files.
See also :
http://bugs.gentoo.org/show_bug.cgi?id=90622
http://www.mail-archive.com/qpopper@lists.pensive.org/msg05140.html
Solution :
Upgrade to Qpopper 4.0.6 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:L/AC:L/Au:NR/C:C/A:C/I:C/B:N)