Vulnerabilities > CVE-2007-2958
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200710-29.NASL description The remote host is affected by the vulnerability described in GLSA-200710-29 (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code) Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error() function in file src/inc.c. Impact : A remote attacker could entice a user to connect to a malicious POP server sending specially crafted replies, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 27580 published 2007-10-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27580 title GLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200710-29. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(27580); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-2958"); script_xref(name:"GLSA", value:"200710-29"); script_name(english:"GLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200710-29 (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code) Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error() function in file src/inc.c. Impact : A remote attacker could entice a user to connect to a malicious POP server sending specially crafted replies, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200710-29" ); script_set_attribute( attribute:"solution", value: "All Sylpheed users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/sylpheed-2.4.5' All Claws Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/claws-mail-3.0.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:claws-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sylpheed"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"mail-client/sylpheed", unaffected:make_list("ge 2.4.5"), vulnerable:make_list("lt 2.4.5"))) flag++; if (qpkg_check(package:"mail-client/claws-mail", unaffected:make_list("ge 3.0.0"), vulnerable:make_list("lt 3.0.0"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sylpheed / Claws Mail"); }NASL family SuSE Local Security Checks NASL id SUSE_CLAWS-MAIL-4495.NASL description This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958) last seen 2020-06-01 modified 2020-06-02 plugin id 27186 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27186 title openSUSE 10 Security Update : claws-mail (claws-mail-4495) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update claws-mail-4495. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27186); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-2958"); script_name(english:"openSUSE 10 Security Update : claws-mail (claws-mail-4495)"); script_summary(english:"Check for the claws-mail-4495 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)" ); script_set_attribute( attribute:"solution", value:"Update the affected claws-mail packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:claws-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:claws-mail-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"claws-mail-2.10.0-35.2") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"claws-mail-devel-2.10.0-35.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "claws-mail"); }NASL family Fedora Local Security Checks NASL id FEDORA_2007-1841.NASL description Ulf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server. Secunia advisory: http://secunia.com/advisories/26550/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27736 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27736 title Fedora 7 : sylpheed-2.3.1-5 (2007-1841) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-1841. # include("compat.inc"); if (description) { script_id(27736); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-2958"); script_xref(name:"FEDORA", value:"2007-1841"); script_xref(name:"Secunia", value:"26550"); script_name(english:"Fedora 7 : sylpheed-2.3.1-5 (2007-1841)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Ulf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server. Secunia advisory: http://secunia.com/advisories/26550/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003426.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?89e171cd" ); script_set_attribute( attribute:"solution", value:"Update the affected sylpheed and / or sylpheed-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sylpheed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sylpheed-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"sylpheed-2.3.1-5")) flag++; if (rpm_check(release:"FC7", reference:"sylpheed-debuginfo-2.3.1-5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sylpheed / sylpheed-debuginfo"); }NASL family SuSE Local Security Checks NASL id SUSE_SYLPHEED-CLAWS-4511.NASL description This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958) last seen 2020-06-01 modified 2020-06-02 plugin id 27461 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27461 title openSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update sylpheed-claws-4511. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27461); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-2958"); script_name(english:"openSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511)"); script_summary(english:"Check for the sylpheed-claws-4511 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)" ); script_set_attribute( attribute:"solution", value:"Update the affected sylpheed-claws package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sylpheed-claws"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"sylpheed-claws-1.0.3-26.4") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"sylpheed-claws-2.5.5-29") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sylpheed-claws"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D9867F5054D011DCB80B0016179B2DD5.NASL description A Secunia Advisory reports : A format string error in the last seen 2020-06-01 modified 2020-06-02 plugin id 25943 published 2007-08-28 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25943 title FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(25943); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2007-2958"); script_xref(name:"Secunia", value:"26550"); script_name(english:"FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "A Secunia Advisory reports : A format string error in the 'inc_put_error()' function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server." ); # http://secunia.com/secunia_research/2007-70/advisory/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cc154f49" ); # https://vuxml.freebsd.org/freebsd/d9867f50-54d0-11dc-b80b-0016179b2dd5.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d39fd274" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:claws-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sylpheed-claws"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sylpheed2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"claws-mail<2.10.0_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"sylpheed-claws<2.10.0_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"sylpheed2<2.4.4_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2007-2009.NASL description - Mon Sep 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.0.0-1 - version upgrade - new license tag (upstream switch to GPLv3+) - fix #254121 (CVE-2007-2958) - Wed Aug 22 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-4 - new license tag - Wed Jul 18 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-3 - build against libSM (#248675) - Mon Jul 16 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-2 - add requires for bogofilter (#246125) - Tue Jul 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-1 - version upgrade - fix #246230 - Tue May 15 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 2.9.2-1 - version upgrade Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27743 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27743 title Fedora 7 : claws-mail-3.0.0-1.fc7 (2007-2009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2009. # include("compat.inc"); if (description) { script_id(27743); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-2958"); script_xref(name:"FEDORA", value:"2007-2009"); script_name(english:"Fedora 7 : claws-mail-3.0.0-1.fc7 (2007-2009)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Sep 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.0.0-1 - version upgrade - new license tag (upstream switch to GPLv3+) - fix #254121 (CVE-2007-2958) - Wed Aug 22 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-4 - new license tag - Wed Jul 18 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-3 - build against libSM (#248675) - Mon Jul 16 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-2 - add requires for bogofilter (#246125) - Tue Jul 3 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.10.0-1 - version upgrade - fix #246230 - Tue May 15 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 2.9.2-1 - version upgrade Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003596.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?af777da7" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-bogofilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-clamav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-dillo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-pgp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins-spamassassin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"claws-mail-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-debuginfo-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-devel-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-plugins-bogofilter-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-plugins-clamav-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-plugins-dillo-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-plugins-pgp-3.0.0-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"claws-mail-plugins-spamassassin-3.0.0-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "claws-mail / claws-mail-debuginfo / claws-mail-devel / etc"); }
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 25430 CVE(CAN) ID: CVE-2007-2958 Sylpheed和Sylpheed-Claws都是轻型的邮件客户端。 Sylpheed和Sylpheed-Claws在处理用户请求存在格式串处理漏洞,远程攻击者可能利用此漏洞控制客户端。 Sylpheed和Sylpheed-Claws邮件客户端的src/inc.c文件中的inc_put_error()函数在显示POP3服务器的错误响应时存在格式串漏洞处理,如果用户受骗连接到了恶意的POP3服务器并接收到包含有格式标识符的回复的话,就可能触发这个漏洞,导致执行任意指令。 Sylpheed Sylpheed 2.4.4 Sylpheed Sylpheed-Claws 2.10.0 Sylpheed Sylpheed-Claws 1.9.100 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://sylpheed.sraoss.jp/en/" target="_blank">http://sylpheed.sraoss.jp/en/</a> |
| id | SSV:2171 |
| last seen | 2017-11-19 |
| modified | 2007-08-28 |
| published | 2007-08-28 |
| reporter | Root |
| title | Sylpheed和Sylpheed-Claws POP3远程格式串处理漏洞 |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-08-28 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5. |
References
- http://bugs.gentoo.org/show_bug.cgi?id=190104
- http://osvdb.org/40184
- http://secunia.com/advisories/26550
- http://secunia.com/advisories/26610
- http://secunia.com/advisories/27229
- http://secunia.com/advisories/27379
- http://secunia.com/secunia_research/2007-70/advisory/
- http://security.gentoo.org/glsa/glsa-200710-29.xml
- http://www.novell.com/linux/security/advisories/2007_20_sr.html
- http://www.securityfocus.com/bid/25430
- http://www.vupen.com/english/advisories/2007/2971
- https://bugzilla.redhat.com/show_bug.cgi?id=254121
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36238
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html