Test ID: | 1.3.6.1.4.1.25623.1.0.51226 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2002:216 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory RHSA-2002:216.

Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.1.0.

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. Two bugs have been found in the header parsing code in versions of Fetchmail prior to 6.1.0. The first bug allows a remote attacker to crash Fetchmail by sending a carefully crafted DNS packet. The second bug allows a remote attacker to carefully craft an email in such a way that when it is parsed by Fetchmail a heap overflow occurs, allowing remote arbitrary code execution.

Both of these bugs are only exploitable if Fetchmail is being used in multidrop mode (using the 'multiple-local-recipients' feature).

All users of Fetchmail are advised to upgrade to the errata packages containing a backported fix which is not vulnerable to these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-216.html
http://tuxedo.org/~esr/fetchmail/NEWS
http://security.e-matters.de/advisories/032002.html
http://www.kb.cert.org/vuls/id/738331

Risk factor: High
CVSS Score: 7.5
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1174
BugTraq ID: 5825 http://www.securityfocus.com/bid/5825
BugTraq ID: 5827 http://www.securityfocus.com/bid/5827
Bugtraq: 20020929 Advisory 03/2002: Fetchmail remote vulnerabilities http://marc.info/?l=bugtraq&m=103340148625187&w=2
Conectiva Linux advisory: CLA-2002:531 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Debian Security Information: DSA-171 http://www.debian.org/security/2002/dsa-171
En Garde Linux Advisory: ESA-20021003-023 http://www.linuxsecurity.com/advisories/other_advisory-2402.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
RedHat Security Advisories: RHSA-2002:215 http://rhn.redhat.com/errata/RHSA-2002-215.html
http://www.iss.net/security_center/static/10203.php

Common Vulnerability Exposure (CVE) ID: CVE-2002-1175
BugTraq ID: 5826 http://www.securityfocus.com/bid/5826
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |