Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:036: fetchmail Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the fetchmail package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:036 (fetchmail).
A problem was discovered in versions of fetchmail prior to 5.9.10 that was
triggered by retrieving mail from an IMAP server. The fetchmail client
allocates an array to store the sizes of the messages it is attempting to
retrieve. The size of this array is determined by the number of messages the
server claims to have, and fetchmail did not check whether that number was
too high. This allowed a malicious server to make the fetchmail process write
data outside of the array bounds.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:036
Threat Level: High