Nessus Plugin #15184
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA347] DSA-347-1 teapop
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-347-1 teapop
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2003-0515
- Bugtraq_id:
- 8146
- Xrefs:
- DSA:347
- Description:
teapop, a POP-3 server, includes modules for authenticating users
against a PostgreSQL or MySQL database. These modules do not properly
escape user-supplied strings before using them in SQL queries. This
vulnerability could be exploited to execute arbitrary SQL code under the
privileges of the database user as which teapop has authenticated.
For the stable distribution (woody) this problem has been fixed in
version 0.3.4-1woody2.
For the unstable distribution (sid) this problem has been fixed in
version 0.3.5-2.
We recommend that you update your teapop package.
Solution : http://www.debian.org/security/2003/dsa-347
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.