FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

claws-mail -- POP3 Format String Vulnerability

Affected packages
claws-mail < 2.10.0_3
sylpheed-claws < 2.10.0_3
sylpheed2 < 2.4.4_1

Details

VuXML ID d9867f50-54d0-11dc-b80b-0016179b2dd5
Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
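
The bug class the advisory describes, as an added C example that is not claws-mail's code and not part of the Secunia advisory: `alert_format` is a hypothetical stand-in for a printf-style error-display helper, and the POP3 reply is a constructed sample. The hardened call passes the server text as data to a constant format, and the counter lets a client log replies that carry conversion specifiers.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error helper (assumption, not claws-mail code).
 * The format attribute lets gcc/clang -Wformat-security flag non-literal
 * formats at the call site. */
int alert_format(char *out, size_t len, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int alert_format(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern, shown only as a comment: server text becomes the format.
 *     alert_format(out, len, server_reply);
 * Hardened pattern: constant format, server text passed as an argument. */
int report_error_safe(char *out, size_t len, const char *server_reply)
{
    return alert_format(out, len, "Server error: %s", server_reply);
}

/* Count conversion specifiers in untrusted text so a client can log
 * suspicious replies; "%%" is a literal percent and is not counted. */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;
        else if (s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    const char *reply = "-ERR mailbox locked %s %n"; /* constructed sample */
    char buf[128];
    report_error_safe(buf, sizeof buf, reply);
    printf("%s (specifiers: %d)\n", buf, count_format_specifiers(reply));
    return 0;
}
```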

References

CVE Name CVE-2007-2958
URL http://secunia.com/advisories/26550/
URL http://secunia.com/secunia_research/2007-70/advisory/