|
|
Family: Debian Local Security Checks --> Category: infos
[DSA728] DSA-728-2 qpopper Vulnerability Scan
Vulnerability Scan Summary
DSA-728-2 qpopper
Detailed Explanation for this Vulnerability Test
This advisory does only cover updated packages for Debian 3.0
alias woody. For reference below is the original advisory text:
Two bugs have been discovered in qpopper, an enhanced Post Office
Protocol (POP3) server. The Common Vulnerabilities and Exposures
project identifies the following problems:
Jens Steube discovered that while processing local files owned or
provided by a normal user rights weren't dropped, which could
lead to the overwriting or creation of arbitrary files as root.
The upstream developers noticed that qpopper could be tricked to
creating group- or world-writable files.
For the stable distribution (woody) these problems have been fixed in
version 4.0.4-2.woody.5.
For the testing distribution (sarge) these problems have been fixed in
version 4.0.5-4sarge1.
For the unstable distribution (sid) these problems will be fixed in
version 4.0.5-4sarge1.
We recommend that you upgrade your qpopper package.
Solution : http://www.debian.org/security/2005/dsa-728
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
