CERTA-2005-AVI-180
Vulnerability from certfr_avis - Published: 2005-05-27 - Updated: 2005-11-21None
Description
Deux vulnérabilités ont été découvertes dans Qpopper, qui est un serveur POP3.
Elles permettent à un utilisateur local mal intentionné d'augmenter ses privilèges.
Solution
Mettre à jour Qpopper dans la dernière version :
- pour Debian 3.0, il s'agit de la version 4.0.4-2.woody.5 ;
- pour les autres distributions, il s'agit de la version 4.0.5-r3.
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Pour Debian 3.0 (woody), toutes les versions de Qpopper ant\u00e9rieures \u00e0 la version 4.0.4-2.woody.5 sont vuln\u00e9rables ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "pour les autres distributions, toutes les versions de Qpopper ant\u00e9rieures \u00e0 la version 4.0.5-r3 sont vuln\u00e9rables.",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Qpopper, qui est un serveur\nPOP3.\n\nElles permettent \u00e0 un utilisateur local mal intentionn\u00e9 d\u0027augmenter ses\nprivil\u00e8ges.\n\n## Solution\n\nMettre \u00e0 jour Qpopper dans la derni\u00e8re version :\n\n- pour Debian 3.0, il s\u0027agit de la version 4.0.4-2.woody.5 ;\n- pour les autres distributions, il s\u0027agit de la version 4.0.5-r3.\n",
"cves": [],
"initial_release_date": "2005-05-27T00:00:00",
"last_revision_date": "2005-11-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200505-17/Qpopper du 23 mai 2005 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-17.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2005:014 du 07 juin 2005 :",
"url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour qpopper du 07 novembre 2005 :",
"url": "http://www.vuxml.org/freebsd/pkg-qpopper.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-728-2 :",
"url": "http://www.debian.org/security/2005/dsa-728"
}
],
"reference": "CERTA-2005-AVI-180",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-05-27T00:00:00.000000"
},
{
"description": "ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SUSE.",
"revision_date": "2005-06-08T00:00:00.000000"
},
{
"description": "ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
"revision_date": "2005-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9s dans Qpopper",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Gentoo GLSA 200505-17",
"url": null
},
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Debian DSA-728-2",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…