Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-26] Sylpheed, Sylpheed-claws: Message reply overflow Vulnerability Scan
Vulnerability Scan Summary: Sylpheed, Sylpheed-claws: Message reply overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-26
(Sylpheed, Sylpheed-claws: Message reply overflow)
Sylpheed and Sylpheed-claws fail to properly handle non-ASCII
characters in email headers when composing reply messages.
Impact
An attacker can send an email containing a malicious non-ASCII
header which, when replied to, would cause the program to crash,
potentially allowing the execution of arbitrary code with the
rights of the user running the software.
Workaround
There is no known workaround at this time.
References:
http://sylpheed.good-day.net/#changes
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667
Solution:
All Sylpheed users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3"
All Sylpheed-claws users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3"
Threat Level: Medium