ID de Prueba:	1.3.6.1.4.1.25623.1.0.57815
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0018
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0018. Fetchmail is a remote mail retrieval and forwarding utility. A denial of service flaw was found when Fetchmail was run in multidrop mode. A malicious mail server could send a message without headers which would cause Fetchmail to crash (CVE-2005-4348). This issue did not affect the version of Fetchmail shipped with Red Hat Enterprise Linux 2.1 or 3. A flaw was found in the way Fetchmail used TLS encryption to connect to remote hosts. Fetchmail provided no way to enforce the use of TLS encryption and would not authenticate POP3 protocol connections properly (CVE-2006-5867). This update corrects this issue by enforcing TLS encryption when the sslproto configuration directive is set to tls1. Users of Fetchmail should update to these packages, which contain backported patches to correct these issues. Note: This update may break configurations which assumed that Fetchmail would use plain-text authentication if TLS encryption is not supported by the POP3 server even if the sslproto directive is set to tls1. If you are using a custom configuration that depended on this behavior you will need to modify your configuration appropriately after installing this update. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0018.html http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4348 BugTraq ID: 15987 http://www.securityfocus.com/bid/15987 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348) (Google Search) http://www.securityfocus.com/archive/1/420098/100/0/threaded Bugtraq: 20060526 rPSA-2006-0084-1 fetchmail (Google Search) http://www.securityfocus.com/archive/1/435197/100/0/threaded Debian Security Information: DSA-939 (Google Search) http://www.debian.org/security/2005/dsa-939 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836 http://www.osvdb.org/21906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659 http://www.redhat.com/support/errata/RHSA-2007-0018.html http://securitytracker.com/id?1015383 http://secunia.com/advisories/17891 http://secunia.com/advisories/18172 http://secunia.com/advisories/18231 http://secunia.com/advisories/18266 http://secunia.com/advisories/18433 http://secunia.com/advisories/18463 http://secunia.com/advisories/18895 http://secunia.com/advisories/21253 http://secunia.com/advisories/24007 http://secunia.com/advisories/24284 SGI Security Advisory: 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499 SuSE Security Announcement: SUSE-SR:2007:004 (Google Search) http://www.novell.com/linux/security/advisories/2007_4_sr.html http://www.trustix.org/errata/2006/0002/ https://usn.ubuntu.com/233-1/ http://www.vupen.com/english/advisories/2005/2996 http://www.vupen.com/english/advisories/2006/3101 XForce ISS Database: fetchmail-null-pointer-dos(23713) https://exchange.xforce.ibmcloud.com/vulnerabilities/23713 Common Vulnerability Exposure (CVE) ID: CVE-2006-5867 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html BugTraq ID: 21903 http://www.securityfocus.com/bid/21903 Bugtraq: 20070105 fetchmail security announcement 2006-02 (CVE-2006-5867) (Google Search) http://www.securityfocus.com/archive/1/456115/100/0/threaded Bugtraq: 20070218 Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure (Google Search) http://www.securityfocus.com/archive/1/460528/100/0/threaded Cert/CC Advisory: TA07-109A http://www.us-cert.gov/cas/techalerts/TA07-109A.html Debian Security Information: DSA-1259 (Google Search) http://www.debian.org/security/2007/dsa-1259 http://fedoranews.org/cms/node/2429 http://security.gentoo.org/glsa/glsa-200701-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:016 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html http://osvdb.org/31580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566 http://securitytracker.com/id?1017478 http://secunia.com/advisories/23631 http://secunia.com/advisories/23695 http://secunia.com/advisories/23714 http://secunia.com/advisories/23781 http://secunia.com/advisories/23804 http://secunia.com/advisories/23838 http://secunia.com/advisories/23923 http://secunia.com/advisories/24151 http://secunia.com/advisories/24174 http://secunia.com/advisories/24966 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995 http://www.trustix.org/errata/2007/0007 http://www.ubuntu.com/usn/usn-405-1 http://www.vupen.com/english/advisories/2007/0087 http://www.vupen.com/english/advisories/2007/0088 http://www.vupen.com/english/advisories/2007/1470
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.