Sylpheed POP3 Format String Vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
claws-mail (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Edgy |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Fix Released
|
Medium
|
Unassigned | ||
sylpheed (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Unassigned | ||
Edgy |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Fix Released
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Medium
|
Unassigned | ||
sylpheed-claws (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Unassigned | ||
Edgy |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Fix Released
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Medium
|
Unassigned | ||
sylpheed-claws-gtk2 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Unassigned | ||
Edgy |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Fix Released
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Medium
|
Unassigned |
Bug Description
I found this on secunia: http://
affected Software: Sylpheed 2.x
Description:
Secunia Research has discovered a vulnerability in Sylpheed and Sylpheed-Claws (Claws Mail), which can be exploited by malicious people to compromise a vulnerable system.
A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.
Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
A fixed version has been released in the meanwhile:
Sylpheed 2.4.5 has been released.
This is a security fix release. All users are recommended to upgrade.
http://
http://
* The vulnerability that may be exploited by malicious POP3 server
was fixed.
http://
* The potential crash bug in address completion was fixed.
* The signature separator '--' is not joined on line wrapping now.
Could you please upgrade the repos to this fix?
bye
Related branches
CVE References
Changed in sylpheed-claws: | |
assignee: | nobody → norsetto |
status: | Triaged → In Progress |
Changed in sylpheed-claws-gtk2: | |
assignee: | nobody → norsetto |
status: | Triaged → In Progress |
Changed in sylpheed-claws-gtk2: | |
assignee: | nobody → norsetto |
Changed in sylpheed-claws: | |
status: | New → In Progress |
status: | New → In Progress |
Changed in sylpheed-claws-gtk2: | |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
Changed in claws-mail: | |
status: | Invalid → Confirmed |
Changed in sylpheed-claws-gtk2: | |
status: | Confirmed → Fix Released |
status: | Confirmed → Fix Released |
Changed in sylpheed: | |
status: | Confirmed → Fix Released |
status: | Confirmed → Fix Released |
Changed in sylpheed-claws: | |
status: | Confirmed → Fix Released |
status: | Invalid → Triaged |
status: | Confirmed → Fix Released |
Changed in sylpheed-claws: | |
status: | Triaged → Invalid |
Changed in sylpheed: | |
assignee: | nobody → norsetto |
status: | Invalid → In Progress |
Thanks for taking the time to report this bug and helping to make Ubuntu better. If someone can prepare (and test) the fixes and attach debdiffs that follow the [https:/ /wiki.ubuntu. com/SecurityUpd ateProcedures], I'd be more than happy to get them uploaded.