Test ID:	1.3.6.1.4.1.25623.1.0.60824
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200804-24 (dbmail)
Summary:	The remote host is missing updates announced in;advisory GLSA 200804-24.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200804-24. Vulnerability Insight: A vulnerability in DBMail could allow for passwordless login to any account under certain configurations. Solution: All DBMail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dbmail-2.2.9' CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6714 BugTraq ID: 28849 http://www.securityfocus.com/bid/28849 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html http://osvdb.org/44561 http://www.securitytracker.com/id?1019914 http://secunia.com/advisories/29903 http://secunia.com/advisories/29937 http://secunia.com/advisories/29984 http://www.vupen.com/english/advisories/2008/1321/references XForce ISS Database: dbmail-authldap-security-bypass(41907) https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.