Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:036 (fetchmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50810

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:036 (fetchmail)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to fetchmail
announced via advisory MDKSA-2002:036.

A problem was discovered with versions of fetchmail prior to 5.9.10
that was triggered by retreiving mail from an IMAP server. The
fetchmail client will allocate an array to store the sizes of the
messages it is attempting to retrieve. This array size is determined
by the number of messages the server is claiming to have, and fetchmail
would not check whether or not the number of messages the server was
claiming was too high. This would allow a malicious server to make the
fetchmail process write data outside of the array bounds.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:036
http://tuxedo.org/~
esr/fetchmail/NEWS
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0146

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 4788
Common Vulnerability Exposure (CVE) ID: CVE-2002-0146
http://www.securityfocus.com/bid/4788
Caldera Security Advisory: CSSA-2002-027.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
HPdes Security Advisory: HPSBTL0205-042
http://online.securityfocus.com/advisories/4145
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
http://www.redhat.com/support/errata/RHSA-2002-047.html
http://www.iss.net/security_center/static/9133.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50810
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:036 (fetchmail)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to fetchmail announced via advisory MDKSA-2002:036. A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:036 http://tuxedo.org/~ esr/fetchmail/NEWS http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0146 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 4788 Common Vulnerability Exposure (CVE) ID: CVE-2002-0146 http://www.securityfocus.com/bid/4788 Caldera Security Advisory: CSSA-2002-027.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt HPdes Security Advisory: HPSBTL0205-042 http://online.securityfocus.com/advisories/4145 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php http://www.redhat.com/support/errata/RHSA-2002-047.html http://www.iss.net/security_center/static/9133.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com