Vulnerabilities > CVE-2007-2958

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sylpheed
sylpheed-claws
nessus

Summary

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

Vulnerable Configurations

Part Description Count
Application
Sylpheed
1
Application
Sylpheed-Claws
2

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200710-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200710-29 (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code) Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error() function in file src/inc.c. Impact : A remote attacker could entice a user to connect to a malicious POP server sending specially crafted replies, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id27580
    published2007-10-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27580
    titleGLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200710-29.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27580);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-2958");
      script_xref(name:"GLSA", value:"200710-29");
    
      script_name(english:"GLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200710-29
    (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code)
    
        Ulf Harnhammar from Secunia Research discovered a format string error
        in the inc_put_error() function in file src/inc.c.
      
    Impact :
    
        A remote attacker could entice a user to connect to a malicious POP
        server sending specially crafted replies, possibly resulting in the
        execution of arbitrary code with the privileges of the user running the
        application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200710-29"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Sylpheed users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-2.4.5'
        All Claws Mail users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/claws-mail-3.0.0'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:claws-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sylpheed");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"mail-client/sylpheed", unaffected:make_list("ge 2.4.5"), vulnerable:make_list("lt 2.4.5"))) flag++;
    if (qpkg_check(package:"mail-client/claws-mail", unaffected:make_list("ge 3.0.0"), vulnerable:make_list("lt 3.0.0"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sylpheed / Claws Mail");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CLAWS-MAIL-4495.NASL
    descriptionThis update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)
    last seen2020-06-01
    modified2020-06-02
    plugin id27186
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27186
    titleopenSUSE 10 Security Update : claws-mail (claws-mail-4495)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update claws-mail-4495.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27186);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-2958");
    
      script_name(english:"openSUSE 10 Security Update : claws-mail (claws-mail-4495)");
      script_summary(english:"Check for the claws-mail-4495 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a format string bug in the inc_put_error() function.
    This bug is triggered when error messages from the POP3 server are
    displayed and can be exploited remotely to execute arbitrary code.
    (CVE-2007-2958)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected claws-mail packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:claws-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:claws-mail-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.3", reference:"claws-mail-2.10.0-35.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"claws-mail-devel-2.10.0-35.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "claws-mail");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1841.NASL
    descriptionUlf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server. Secunia advisory: http://secunia.com/advisories/26550/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27736
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27736
    titleFedora 7 : sylpheed-2.3.1-5 (2007-1841)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-1841.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27736);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-2958");
      script_xref(name:"FEDORA", value:"2007-1841");
      script_xref(name:"Secunia", value:"26550");
    
      script_name(english:"Fedora 7 : sylpheed-2.3.1-5 (2007-1841)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ulf Harnhammar (Secunia Research) has discovered a format string
    vulnerability in sylpheed and claws-mail in inc_put_error() function
    in src/inc.c when displaying POP3 error reply.
    
    Problem can be exploited by malicious POP3 server via specially
    crafted POP3 server replies containing format specifiers.
    
    Successful exploitation may allow execution of arbitrary code, but
    requires that the user is tricked into connecting to a malicious POP3
    server.
    
    Secunia advisory: http://secunia.com/advisories/26550/
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003426.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?89e171cd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sylpheed and / or sylpheed-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sylpheed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sylpheed-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"sylpheed-2.3.1-5")) flag++;
    if (rpm_check(release:"FC7", reference:"sylpheed-debuginfo-2.3.1-5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sylpheed / sylpheed-debuginfo");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SYLPHEED-CLAWS-4511.NASL
    descriptionThis update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)
    last seen2020-06-01
    modified2020-06-02
    plugin id27461
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27461
    titleopenSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update sylpheed-claws-4511.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27461);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-2958");
    
      script_name(english:"openSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511)");
      script_summary(english:"Check for the sylpheed-claws-4511 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a format string bug in the inc_put_error() function.
    This bug is triggered when error messages from the POP3 server are
    displayed and can be exploited remotely to execute arbitrary code.
    (CVE-2007-2958)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sylpheed-claws package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sylpheed-claws");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"sylpheed-claws-1.0.3-26.4") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"sylpheed-claws-2.5.5-29") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sylpheed-claws");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D9867F5054D011DCB80B0016179B2DD5.NASL
    descriptionA Secunia Advisory reports : A format string error in the
    last seen2020-06-01
    modified2020-06-02
    plugin id25943
    published2007-08-28
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25943
    titleFreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25943);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:39");
    
      script_cve_id("CVE-2007-2958");
      script_xref(name:"Secunia", value:"26550");
    
      script_name(english:"FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A Secunia Advisory reports :
    
    A format string error in the 'inc_put_error()' function in src/inc.c
    when displaying a POP3 server's error response can be exploited via
    specially crafted POP3 server replies containing format specifiers.
    
    Successful exploitation may allow execution of arbitrary code, but
    requires that the user is tricked into connecting to a malicious POP3
    server."
      );
      # http://secunia.com/secunia_research/2007-70/advisory/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cc154f49"
      );
      # https://vuxml.freebsd.org/freebsd/d9867f50-54d0-11dc-b80b-0016179b2dd5.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d39fd274"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:claws-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sylpheed-claws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sylpheed2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"claws-mail<2.10.0_3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"sylpheed-claws<2.10.0_3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"sylpheed2<2.4.4_1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2009.NASL
    description - Mon Sep 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.0.0-1 - version upgrade - new license tag (upstream switch to GPLv3+) - fix #254121 (CVE-2007-2958) - Wed Aug 22 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-4 - new license tag - Wed Jul 18 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-3 - build against libSM (#248675) - Mon Jul 16 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-2 - add requires for bogofilter (#246125) - Tue Jul 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-1 - version upgrade - fix #246230 - Tue May 15 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 2.9.2-1 - version upgrade Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27743
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27743
    titleFedora 7 : claws-mail-3.0.0-1.fc7 (2007-2009)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-2009.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27743);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-2958");
      script_xref(name:"FEDORA", value:"2007-2009");
    
      script_name(english:"Fedora 7 : claws-mail-3.0.0-1.fc7 (2007-2009)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon Sep 3 2007 Andreas Bierfert
        <andreas.bierfert[AT]lowlatency.de>
    
        - 3.0.0-1
    
        - version upgrade
    
        - new license tag (upstream switch to GPLv3+)
    
        - fix #254121 (CVE-2007-2958)
    
        - Wed Aug 22 2007 Andreas Bierfert
          <andreas.bierfert[AT]lowlatency.de>
    
        - 2.10.0-4
    
        - new license tag
    
        - Wed Jul 18 2007 Andreas Bierfert
          <andreas.bierfert[AT]lowlatency.de>
    
        - 2.10.0-3
    
        - build against libSM (#248675)
    
        - Mon Jul 16 2007 Andreas Bierfert
          <andreas.bierfert[AT]lowlatency.de>
    
        - 2.10.0-2
    
        - add requires for bogofilter (#246125)
    
        - Tue Jul 3 2007 Andreas Bierfert
          <andreas.bierfert[AT]lowlatency.de>
    
        - 2.10.0-1
    
        - version upgrade
    
        - fix #246230
    
        - Tue May 15 2007 Andreas Bierfert
          <andreas.bierfert[AT]lowlatency.de> 2.9.2-1
    
      - version upgrade
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003596.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?af777da7"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-bogofilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-dillo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-pgp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-spamassassin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"claws-mail-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-debuginfo-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-devel-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-plugins-bogofilter-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-plugins-clamav-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-plugins-dillo-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-plugins-pgp-3.0.0-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"claws-mail-plugins-spamassassin-3.0.0-1.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "claws-mail / claws-mail-debuginfo / claws-mail-devel / etc");
    }
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 25430 CVE(CAN) ID: CVE-2007-2958 Sylpheed和Sylpheed-Claws都是轻型的邮件客户端。 Sylpheed和Sylpheed-Claws在处理用户请求存在格式串处理漏洞,远程攻击者可能利用此漏洞控制客户端。 Sylpheed和Sylpheed-Claws邮件客户端的src/inc.c文件中的inc_put_error()函数在显示POP3服务器的错误响应时存在格式串漏洞处理,如果用户受骗连接到了恶意的POP3服务器并接收到包含有格式标识符的回复的话,就可能触发这个漏洞,导致执行任意指令。 Sylpheed Sylpheed 2.4.4 Sylpheed Sylpheed-Claws 2.10.0 Sylpheed Sylpheed-Claws 1.9.100 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://sylpheed.sraoss.jp/en/" target="_blank">http://sylpheed.sraoss.jp/en/</a>
idSSV:2171
last seen2017-11-19
modified2007-08-28
published2007-08-28
reporterRoot
titleSylpheed和Sylpheed-Claws POP3远程格式串处理漏洞

Statements

contributorMark J Cox
lastmodified2007-08-28
organizationRed Hat
statementNot vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.