Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Fetchmail. For additional information, see : VUPEN/ADV-2007-3032

Affected Products

Mandriva Linux 2007.1
Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
ec4f5dea69e44968c18ed13aec63fbc4 2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
6714594d428e0e2e0ed3e677c7813fda 2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
4d2fbbf2de3d9204647f5a3cd7991e56 2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1bd5250e46911f1c58e29d99c3ca7b70 2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
3f9aefbedfdc5dcd888c77314827eb41 2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
899116e39b78dc4184c4f4a1a8d839ff 2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
01a5cdfd3329fc919b76bbbd955f1765 2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
cdc7413cca7f26b5f10a2ade1412f05e 2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
01de767500146bb7f00e5282267cc348 2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
3a5fd389cb5ab9d3e66772df25a5d081 2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
a9ea49f814c8305ad5b845d5afd11db2 2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
20cd90c65804e6272fdf8f95586799e4 2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Corporate 3.0:
c467b462473a61160ef0f00a1fae355e corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
781126a4db0c738eac5cdd9ec8cc5981 corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
ae3874e52845214fb1bf7eecdc6abf84 corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
eb699fd754ebd4946bfe7c026f6f2e42 corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
e7ecb2da9c3d73f3b0a5cebf13930f7e corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
b6bfcbc53aabb69d1c07d0fb0a8afed8 corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 4.0:
81cfe01e0da3ca09cf7c4ac39bdf48d1 corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
40b38bce6f851cf3165b0e8a8f5f3c50 corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
d7c94a1d6e803c00e5c05f0aa0efc477 corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
58c9d8daa4ba5a11b96b4373d9f2b45c corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
a9e54ac1f2a56a0ceca4663e1b970201 corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
de9f1acd42b3a445e9fe8c74b4b90094 corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

References

http://www.vupen.com/english/advisories/2007/3122
http://archives.mandrivalinux.com/security-announce/2007-09/msg00010.php

ChangeLog

2007-09-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.