|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN233-1 : fetchmail vulnerability Vulnerability Scan
Vulnerability Scan Summary
fetchmail vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- fetchmail
- fetchmail-ssl
- fetchmailconf
Description :
Steve Fosdick discovered a remote Denial of Service vulnerability in
fetchmail. When using fetchmail in 'multidrop' mode, a malicious email
server could cause a crash by sending an email without any headers.
Since fetchmail is commonly called automatically (with cron, for
example), this crash could go unnoticed.
Solution :
Upgrade to :
- fetchmail-6.2.5-13ubuntu3.2 (Ubuntu 5.10)
- fetchmail-ssl-6.2.5-13ubuntu3.2 (Ubuntu 5.10)
- fetchmailconf-6.2.5-13ubuntu3.2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
