Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Mandriva Security Update Fixes Fetchmail Buffer Overflow Issue

Title : Mandriva Security Update Fixes Fetchmail Buffer Overflow Issue
VUPEN ID : VUPEN/ADV-2005-1270
CVE ID : CVE-2005-2335
CWE ID : CWE-
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-07-29

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Mandriva has released updated packages to correct a vulnerability identified in Fetchmail. This flaw is due to a stack overflow error when processing specially crafted UIDL responses from a POP3 server, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to connect to a malicious POP3 server. For additional information, see : VUPEN/ADV-2005-1171

Affected Products

Mandrakelinux 10.1
Mandrakelinux 10.2
Corporate Server 2.1
Corporate 3.0

Solution

Use MandrakeUpdate to apply patches :
Mandrakelinux 10.1:
563f08174b32d11c7d072a7c86672cd6 10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.i586.rpm
322f5e01a8ccf9611119bf56c81b3c34 10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.i586.rpm
b41cd62c89bd4e728107b8fadb3d10dd 10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.i586.rpm
9193b1c0ccf4d8dc1158a2707ff73628 10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e160ad934bb3007cf35c050006bd9bec x86_64/10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.x86_64.rpm
193c90622e9279417f0d89e7368162d2 x86_64/10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.x86_64.rpm
8b29df74bc7cc01ad0e57052908d96fb x86_64/10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.x86_64.rpm
9193b1c0ccf4d8dc1158a2707ff73628 x86_64/10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm
Mandrakelinux 10.2:
f25ca14a570b18627309b1ec6d6118bb 10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.i586.rpm
afdcff56a05aebf22b7cd138166d4ca7 10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.i586.rpm
6d58bd3064e22875011b97cee9c2d809 10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.i586.rpm
7d6ab32632446ed61fc18591f1c2fd00 10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
8f0f018bb2807d5285ae2ef05bb57107 x86_64/10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.x86_64.rpm
870f31b16001b83be84e51cc93a92200 x86_64/10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.x86_64.rpm
2f464f9c3409880ef9c457b9986ae712 x86_64/10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.x86_64.rpm
7d6ab32632446ed61fc18591f1c2fd00 x86_64/10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm
Corporate Server 2.1:
96185810b7b4ad91d4986fd0d946a15d corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.i586.rpm
268fdaf86ca3f5f33b9c1ac0a00efc4a corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.i586.rpm
647d592ec242a09fa869da6f37660299 corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.i586.rpm
8d3e996da39619613de0046e7c9cb459 corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d19fab3b9b57c4f9c9e4fe6aebd6ea81 x86_64/corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.x86_64.rpm
587dc00b22b6fd4e9b17f5bdb26457f6 x86_64/corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.x86_64.rpm
1d44d1c54e69049966b222ada486e633 x86_64/corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.x86_64.rpm
8d3e996da39619613de0046e7c9cb459 x86_64/corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm
Corporate 3.0:
9d67bcb3d6485a0ffb243f9ed23cda22 corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.i586.rpm
f9283b89d96efbbb8f2ce98abe00c563 corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.i586.rpm
4c170dbe398c93923d2a106dc6275c2e corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.i586.rpm
f7c51eab215fe7c2e46baf154c315d26 corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
6e40e50873f3ca1b49d948e1a3be052a x86_64/corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.x86_64.rpm
77d83cddcb9d2daf4b04a8ce09da90b7 x86_64/corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.x86_64.rpm
a90e50cc1bbec81fbc8949ef5da5b87f x86_64/corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.x86_64.rpm
f7c51eab215fe7c2e46baf154c315d26 x86_64/corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2005/1270
http://archives.mandrivalinux.com/security-announce/2005-07/msg00023.php

ChangeLog

2005-07-29 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy