ID CVE-2007-2958
Summary Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
References
Vulnerable Configurations
  • cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100
  • cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0
  • cpe:2.3:a:sylpheed:sylpheed:2.4.4
CVSS
Base: 6.8 (as of 27-08-2007 - 15:22)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1841.NASL
    description Ulf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. Problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server. Secunia advisory: http://secunia.com/advisories/26550/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27736
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27736
    title Fedora 7 : sylpheed-2.3.1-5 (2007-1841)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2009.NASL
    description
      - Mon Sep 3 2007 Andreas Bierfert - 3.0.0-1
        - version upgrade
        - new license tag (upstream switch to GPLv3+)
        - fix #254121 (CVE-2007-2958)
      - Wed Aug 22 2007 Andreas Bierfert - 2.10.0-4
        - new license tag
      - Wed Jul 18 2007 Andreas Bierfert - 2.10.0-3
        - build against libSM (#248675)
      - Mon Jul 16 2007 Andreas Bierfert - 2.10.0-2
        - add requires for bogofilter (#246125)
      - Tue Jul 3 2007 Andreas Bierfert - 2.10.0-1
        - version upgrade
        - fix #246230
      - Tue May 15 2007 Andreas Bierfert 2.9.2-1
        - version upgrade
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27743
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27743
    title Fedora 7 : claws-mail-3.0.0-1.fc7 (2007-2009)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAWS-MAIL-4495.NASL
    description This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 27186
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27186
    title openSUSE 10 Security Update : claws-mail (claws-mail-4495)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D9867F5054D011DCB80B0016179B2DD5.NASL
    description A Secunia Advisory reports : A format string error in the 'inc_put_error()' function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25943
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25943
    title FreeBSD : claws-mail -- POP3 Format String Vulnerability (d9867f50-54d0-11dc-b80b-0016179b2dd5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SYLPHEED-CLAWS-4511.NASL
    description This update fixes a format string bug in the inc_put_error() function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. (CVE-2007-2958)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27461
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27461
    title openSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-29.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-29 (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code) Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error() function in file src/inc.c. Impact : A remote attacker could entice a user to connect to a malicious POP server sending specially crafted replies, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 27580
    published 2007-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27580
    title GLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
refmap via4
bid 25430
confirm http://bugs.gentoo.org/show_bug.cgi?id=190104
fedora FEDORA-2007-2009
gentoo GLSA-200710-29
misc
osvdb 40184
secunia
  • 26550
  • 26610
  • 27229
  • 27379
suse SUSE-SR:2007:020
vupen ADV-2007-2971
xf sylpheed-incputerror-format-string(36238)
statements via4
contributor Mark J Cox
lastmodified 2007-08-28
organization Red Hat
statement Not vulnerable. This issue did not affect the version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 07-03-2011 - 21:55
Published 27-08-2007 - 13:17
Last modified 28-07-2017 - 21:31