Family: Ubuntu Local Security Checks --> Category: infos
USN153-1 : fetchmail vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
These remote packages are missing security patches:
Ross Boylan discovered a remote buffer overflow in fetchmail. By
sending invalid responses with very long UIDs, a faulty or malicious
POP server could crash fetchmail or execute arbitrary code with the
rights of the user invoking fetchmail.
fetchmail is commonly run as root to fetch mail for multiple users;
in this case, this vulnerability could be exploited to
compromise the whole system.
Upgrade to:
- fetchmail-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
- fetchmail-ssl-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
- fetchmailconf-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
Threat Level: High