Test Kennung:	1.3.6.1.4.1.25623.1.0.55831
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2005:209 (fetchmail)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to fetchmail announced via advisory MDKSA-2005:209. Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. fetchmailconf would create the initial output configuration file with insecure permissions and only after writing would it change permissions to be more restrictive. During that time, passwords and other data could be exposed to other users on the system unless the user used a more restrictive umask setting. As well, the Mandriva Linux 2006 packages did not contain the patch that corrected the issues fixed in MDKSA-2005:126, namely a buffer overflow in fetchmail's POP3 client (CVE-2005-2355). The updated packages have been patched to address this issue, and the Mandriva 2006 packages have also been patched to correct CVE-2005-2355. Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:209 Risk factor : Medium CVSS Score: 2.1
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2355 Common Vulnerability Exposure (CVE) ID: CVE-2005-3088 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 15179 http://www.securityfocus.com/bid/15179 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20051027 fetchmail security announcement 2005-02 (CVE-2005-3088) (Google Search) http://marc.info/?l=bugtraq&m=113042785902031&w=2 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-900 (Google Search) http://www.debian.org/security/2005/dsa-900 http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:209 http://www.osvdb.org/20267 http://www.redhat.com/support/errata/RHSA-2005-823.html http://securitytracker.com/id?1015114 http://secunia.com/advisories/17293 http://secunia.com/advisories/17349 http://secunia.com/advisories/17446 http://secunia.com/advisories/17491 http://secunia.com/advisories/17495 http://secunia.com/advisories/17631 http://secunia.com/advisories/18895 http://secunia.com/advisories/21253 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499 https://usn.ubuntu.com/215-1/ http://www.vupen.com/english/advisories/2005/2182 http://www.vupen.com/english/advisories/2006/3101
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.