Gentoo Security Advisory GLSA 200409-01 (vpopmail) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200409-01.

Solution

All vpopmail users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-mail/vpopmail-5.4.6' # emerge '>=net-mail/vpopmail-5.4.6' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-01 http://bugs.gentoo.org/show_bug.cgi?id=60844 http://sourceforge.net/forum/forum.php?forum_id=400873 http://www.securityfocus.com/archive/1/371913/2004-08-15/2004-08-21/0

Insight

vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-03 (Python)
Gentoo Security Advisory GLSA 200312-04 (CVS)
Gentoo Security Advisory GLSA 200407-21 (Samba)
Gentoo Security Advisory GLSA 200403-09 (mc)
Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

Take action and discover your vulnerabilities