This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Sylpheed
Product : Sylpheed
Version :
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :
Type : Application
First view : 2003-11-17
Last view : 2007-08-27

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:* 6
cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:* 6
cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:* 6
cpe:2.3:a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:* 5
cpe:2.3:a:sylpheed:sylpheed:1.0.3:*:*:*:*:*:*:* 4
cpe:2.3:a:sylpheed:sylpheed:2.1.3:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.0.3:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.0.2:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.1.1:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.1:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.1.5:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.1.4:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.0.1:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.0:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:0.9.99:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.1.2:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:1.0.4:*:*:*:*:*:*:* 3
cpe:2.3:a:sylpheed:sylpheed:2.4.4:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.8 2007-08-27 CVE-2007-2958

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

5 2007-03-06 CVE-2007-1267

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

2.6 2006-06-08 CVE-2006-2920

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and make it easier to conduct phishing attacks via a URI that begins with a space character.

5.1 2005-11-20 CVE-2005-3354

Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.

5.1 2005-05-02 CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.

5.1 2005-03-07 CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

5 2003-11-17 CVE-2003-0852

Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
40184 Sylpheed / Sylpheed-Claws src/inc.c inc_put_error Function POP3 Server Respon...
33502 Multiple Mail Client --status-fd GnuPG Invocation Spoofed Content Weakness
26229 Sylpheed Unspecified URI Check Bypass
20675 Sylpheed Address Book LDIF Import Overflow
15125 Sylpheed MIME-encoded Attachment Filename Overflow
14570 Sylpheed Message Header Processing Overflow
8332 Sylpheed-claws send_message.c Error Message Overflow

OpenVAS Exploits

id Description
2009-02-27 Name : Fedora Update for sylpheed FEDORA-2007-1841
File : nvt/gb_fedora_2007_1841_sylpheed_fc7.nasl
2009-02-27 Name : Fedora Update for claws-mail FEDORA-2007-2009
File : nvt/gb_fedora_2007_2009_claws-mail_fc7.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-26 (sylpheed sylpheed-claws)
File : nvt/glsa_200503_26.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200511-13 (sylpheed sylpheed-claws)
File : nvt/glsa_200511_13.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-29 (sylpheed claws-mail)
File : nvt/glsa_200710_29.nasl
2008-09-04 Name : FreeBSD Ports: claws-mail, sylpheed-claws
File : nvt/freebsd_claws-mail.nasl
2008-09-04 Name : FreeBSD Ports: sylpheed, sylpheed-claws, sylpheed-gtk2
File : nvt/freebsd_sylpheed.nasl
2008-09-04 Name : FreeBSD Ports: sylpheed, sylpheed-gtk2, sylpheed-claws
File : nvt/freebsd_sylpheed0.nasl
2008-01-17 Name : Debian Security Advisory DSA 906-1 (sylpheed)
File : nvt/deb_906_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 908-1 (sylpheed-claws)
File : nvt/deb_908_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 924-1 (nbd)
File : nvt/deb_924_1.nasl

Nessus® Vulnerability Scanner

id Description
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-432-1.nasl - Type: ACT_GATHER_INFO
2007-11-06 Name: The remote Fedora host is missing a security update.
File: fedora_2007-1841.nasl - Type: ACT_GATHER_INFO
2007-11-06 Name: The remote Fedora host is missing a security update.
File: fedora_2007-2009.nasl - Type: ACT_GATHER_INFO
2007-10-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200710-29.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_sylpheed-claws-4511.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_claws-mail-4495.nasl - Type: ACT_GATHER_INFO
2007-08-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d9867f5054d011dcb80b0016179b2dd5.nasl - Type: ACT_GATHER_INFO
2007-03-12 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-059.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-908.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-906.nasl - Type: ACT_GATHER_INFO
2006-01-21 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-237-1.nasl - Type: ACT_GATHER_INFO
2006-01-21 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-238-1.nasl - Type: ACT_GATHER_INFO
2005-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200511-13.nasl - Type: ACT_GATHER_INFO
2005-11-15 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-1063.nasl - Type: ACT_GATHER_INFO
2005-09-12 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-211.nasl - Type: ACT_GATHER_INFO
2005-08-01 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b1e8c81001d011dabc080001020eed82.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f85361439bc411d9b8b3000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-05-19 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-224.nasl - Type: ACT_GATHER_INFO
2005-03-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200503-26.nasl - Type: ACT_GATHER_INFO
2005-03-18 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2005-303.nasl - Type: ACT_GATHER_INFO