|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an unparsable URI is passed to the soup_context_get() function in the Gmail module causing soup_context_get() to return a null value which, with certain libsoup configurations, will lead to a null pointer indirection and will result in loss of availability for the service.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 0.7.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor a Gmail mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following commands:
$ ./configure --disable-gmail
$ make
$ make install
|
|
Products |
|
Mail Notification
 |
0.6.0 |
0.6.1 |
0.6.2 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
