|
|
>> Mandriva Security Update Fixes Multiple Fetchmail Vulnerabilities
|
Title : Mandriva Security Update Fixes Multiple Fetchmail Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-2371
CVE ID : CVE-2005-2335 - CVE-2005-3088
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-09
|
Mandriva has released updated packages to correct two vulnerabilities identified in Fetchmail.
The first flaw is due to an error in the "fetchmailconf" program that writes configuration data to the "run control" file, which could be exploited by local attackers to gain knowledge of sensitive information (e.g. passwords). For additional information, see : VUPEN/ADV-2005-2182
The second issue is due to a stack overflow error when processing specially crafted UIDL responses from a POP3 server, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to connect to a malicious POP3 server. For additional information, see : VUPEN/ADV-2005-1171
Affected Products
Mandriva Linux 10.1
Mandriva Linux 10.2
Mandriva Linux 2006.0
Corporate Server 2.1
Corporate 3.0
Solution
Upgrade the affected packages :
Mandriva Linux 10.1:
de0b7fb59640e490441fe4a48d11954d 10.1/RPMS/fetchmail-6.2.5-5.2.101mdk.i586.rpm
84c6cb9619cb5b4ef74ade674845f51e 10.1/RPMS/fetchmailconf-6.2.5-5.2.101mdk.i586.rpm
1f0b8136bcd4caeae75542ff54d78371 10.1/RPMS/fetchmail-daemon-6.2.5-5.2.101mdk.i586.rpm
e9309094431f4983fad035cbc1eb566b 10.1/SRPMS/fetchmail-6.2.5-5.2.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
32720e7378b6b85ae3a1287d5ff558e3 x86_64/10.1/RPMS/fetchmail-6.2.5-5.2.101mdk.x86_64.rpm
c46469b4d83446e861b8db3b54c60f6d x86_64/10.1/RPMS/fetchmailconf-6.2.5-5.2.101mdk.x86_64.rpm
5ea98645d8fd15f30c7060576d220518 x86_64/10.1/RPMS/fetchmail-daemon-6.2.5-5.2.101mdk.x86_64.rpm
e9309094431f4983fad035cbc1eb566b x86_64/10.1/SRPMS/fetchmail-6.2.5-5.2.101mdk.src.rpm
Mandriva Linux 10.2:
59614bb2b9bd76c93300d3459bd908e8 10.2/RPMS/fetchmail-6.2.5-10.3.102mdk.i586.rpm
096f60340d1d71ea15290534a5b1cfc9 10.2/RPMS/fetchmailconf-6.2.5-10.3.102mdk.i586.rpm
c40c436ab5751c4599caefc8cd28940f 10.2/RPMS/fetchmail-daemon-6.2.5-10.3.102mdk.i586.rpm
1a7299f4d74a9d0aa89ce25871644616 10.2/SRPMS/fetchmail-6.2.5-10.3.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
f9290067e4f4e039753d3b6e7eead02d x86_64/10.2/RPMS/fetchmail-6.2.5-10.3.102mdk.x86_64.rpm
813f46e3d0d3413b4b4c5122b5ff8bfc x86_64/10.2/RPMS/fetchmailconf-6.2.5-10.3.102mdk.x86_64.rpm
820953daf6e6c69f58a1e3380cb60369 x86_64/10.2/RPMS/fetchmail-daemon-6.2.5-10.3.102mdk.x86_64.rpm
1a7299f4d74a9d0aa89ce25871644616 x86_64/10.2/SRPMS/fetchmail-6.2.5-10.3.102mdk.src.rpm
Mandriva Linux 2006.0:
b11365c74030b1075435ce6c9e0bda88 2006.0/RPMS/fetchmail-6.2.5-11.1.20060mdk.i586.rpm
f24c20a001b8df396355bae70166c051 2006.0/RPMS/fetchmailconf-6.2.5-11.1.20060mdk.i586.rpm
0d86053a3e69cd9bbf772664eec6236c 2006.0/RPMS/fetchmail-daemon-6.2.5-11.1.20060mdk.i586.rpm
5781cf14f33e52da296bb4b89f811812 2006.0/SRPMS/fetchmail-6.2.5-11.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
dd6f3321e9ff2f6b767c9c2940c0379a x86_64/2006.0/RPMS/fetchmail-6.2.5-11.1.20060mdk.x86_64.rpm
4400d9a3f5e6489bfd40c3185d98970a x86_64/2006.0/RPMS/fetchmailconf-6.2.5-11.1.20060mdk.x86_64.rpm
3b62ae9bcc9fbaa14198b898774b7cec x86_64/2006.0/RPMS/fetchmail-daemon-6.2.5-11.1.20060mdk.x86_64.rpm
5781cf14f33e52da296bb4b89f811812 x86_64/2006.0/SRPMS/fetchmail-6.2.5-11.1.20060mdk.src.rpm
Corporate Server 2.1:
ce7a54747ca8339473335f6b588bc5ce corporate/2.1/RPMS/fetchmail-6.1.0-1.4.C21mdk.i586.rpm
7b44a889fef845ae5db3290dc9b866c9 corporate/2.1/RPMS/fetchmailconf-6.1.0-1.4.C21mdk.i586.rpm
73d527b67a4854fcf9fe9e8b27232fbe corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.4.C21mdk.i586.rpm
2a20268d079b94fbadafd29c3253504f corporate/2.1/SRPMS/fetchmail-6.1.0-1.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
173c6aeda81987ac1820ea7865ca1942 x86_64/corporate/2.1/RPMS/fetchmail-6.1.0-1.4.C21mdk.x86_64.rpm
9624c2cf97df1588c14a3048899b571a x86_64/corporate/2.1/RPMS/fetchmailconf-6.1.0-1.4.C21mdk.x86_64.rpm
e8922f5da70e12576c9feac6d5998913 x86_64/corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.4.C21mdk.x86_64.rpm
2a20268d079b94fbadafd29c3253504f x86_64/corporate/2.1/SRPMS/fetchmail-6.1.0-1.4.C21mdk.src.rpm
Corporate 3.0:
03913f6670b6de3b9e1c45e35ae0a186 corporate/3.0/RPMS/fetchmail-6.2.5-3.2.C30mdk.i586.rpm
fb46ec776a21f713f6fde14b575d5628 corporate/3.0/RPMS/fetchmailconf-6.2.5-3.2.C30mdk.i586.rpm
ded6e5340284869543be18b5b971be76 corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.2.C30mdk.i586.rpm
b54d99d537e7317aa590e6aae57df78b corporate/3.0/SRPMS/fetchmail-6.2.5-3.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
d4d0d8a6995d5d209a508984b3b0d7d8 x86_64/corporate/3.0/RPMS/fetchmail-6.2.5-3.2.C30mdk.x86_64.rpm
6bf1d33980eb83ec0434a9fbdae1014f x86_64/corporate/3.0/RPMS/fetchmailconf-6.2.5-3.2.C30mdk.x86_64.rpm
62db83cb99470473cf1718fc38aaedc6 x86_64/corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.2.C30mdk.x86_64.rpm
b54d99d537e7317aa590e6aae57df78b x86_64/corporate/3.0/SRPMS/fetchmail-6.2.5-3.2.C30mdk.src.rpm
References
http://www.vupen.com/english/advisories/2005/2371
http://archives.mandrivalinux.com/security-announce/2005-11/msg00013.php
ChangeLog
2005-11-09 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
