7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.5%
This advisory does only cover updated packages for Debian 3.0
alias woody. For reference below is the original advisory text:
>
> Two bugs have been discovered in qpopper, an enhanced Post Office
> Protocol (POP3) server. The Common Vulnerabilities and Exposures
> project identifies the following problems:
>
>
> * CAN-2005-1151
> Jens Steube discovered that while processing local files owned or
> provided by a normal user privileges weren’t dropped, which could
> lead to the overwriting or creation of arbitrary files as root.
>
> * CAN-2005-1152
> The upstream developers noticed that qpopper could be tricked to
> creating group- or world-writable files.
>
>
>
For the stable distribution (woody) these problems have been fixed in
version 4.0.4-2.woody.5.
For the testing distribution (sarge) these problems have been fixed in
version 4.0.5-4sarge1.
For the unstable distribution (sid) these problems will be fixed in
version 4.0.5-4sarge1.
We recommend that you upgrade your qpopper package.
CPE | Name | Operator | Version |
---|---|---|---|
qpopper | eq | 4.0.4-2.woody.1 | |
qpopper | eq | 4.0.4-2.woody.3 | |
qpopper | eq | 4.0.4-2.woody.4 |