Family: Debian Local Security Checks --> Category: infos
[DSA071] DSA-071-1 fetchmail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Salvatore Sanfilippo found two remotely exploitable problems in
fetchmail while doing a security audit. In both the IMAP code
and the POP3 code, the input isn't verified even though it's used to store
a number in an array. Since no bounds checking is done, an attacker can
use this to write arbitrary data in memory. An attacker can exploit this
if they can get a user to transfer mail from a custom IMAP or POP3 server
they control.
This has been fixed in version 5.3.3-3. We recommend that you
update your fetchmail packages immediately.
Solution : http://www.debian.org/security/2001/dsa-071
Threat Level: High