|
|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2002-294: fetchmail Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the fetchmail packages
Detailed Explanation for this Vulnerability Test
Updated Fetchmail packages are available for Red Hat Linux Advanced Server
which close a remotely-exploitable vulnerability in unpatched versions of
Fetchmail prior to 6.2.0.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation
Fetchmail is a remote mail retrieval and forwarding utility intended for
use over on-demand TCP/IP links such as SLIP and PPP connections. A bug
has been found in the header parsing code in versions of Fetchmail prior
to 6.2.0.
The bug allows a remote attacker to crash Fetchmail and potentially execute
arbitrary code by sending a carefully crafted email which is parsed by
Fetchmail.
All users of Fetchmail are advised to upgrade to the errata packages
containing a backported fix which corrects this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2002-294.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
