Family: Ubuntu Local Security Checks --> Category: infos
USN153-1 : fetchmail vulnerability Vulnerability Scan
Vulnerability Scan Summary fetchmail vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- fetchmail
- fetchmail-ssl
- fetchmailconf
Description :
Ross Boylan discovered a remote buffer overflow in fetchmail. By
sending invalid responses with very long UIDs, a faulty or malicious
POP server could crash fetchmail or execute arbitrary code with the
rights of the user invoking fetchmail.
fetchmail is commonly run as root to fetch mail for multiple user
accounts; in this case, this vulnerability could be exploited to
compromise the whole system.
Solution :
Upgrade to :
- fetchmail-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
- fetchmail-ssl-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
- fetchmailconf-6.2.5-12ubuntu1.1 (Ubuntu 5.04)
Threat Level: High