claws-mail -- POP3 Format String Vulnerability

2007-08-24T00:00:00
ID D9867F50-54D0-11DC-B80B-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00

Description

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.