|
Family: Debian Local Security Checks --> Category: infos
[DSA347] DSA-347-1 teapop Vulnerability Scan
Vulnerability Scan Summary DSA-347-1 teapop
Detailed Explanation for this Vulnerability Test
teapop, a POP-3 server, includes modules for authenticating users
against a PostgreSQL or MySQL database. These modules do not properly
escape user-supplied strings before using them in SQL queries. This
vulnerability could be exploited to execute arbitrary SQL code under the
rights of the database user as which teapop has authenticated.
For the stable distribution (woody) this problem has been fixed in
version 0.3.4-1woody2.
For the unstable distribution (sid) this problem has been fixed in
version 0.3.5-2.
We recommend that you update your teapop package.
Solution : http://www.debian.org/security/2003/dsa-347
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|