FreeBSD Local Security Checks : FreeBSD Ports: fetchmail

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61220

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: fetchmail

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: fetchmail

CVE-2008-2711
fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote
attackers to cause a denial of service (crash and persistent mail
failure) via a malformed mail message with long headers, which is not
properly handled when using vsnprintf to format log messages.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2711
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 29705
http://www.securityfocus.com/bid/29705
Bugtraq: 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711) (Google Search)
http://www.securityfocus.com/archive/1/493391/100/0/threaded
Bugtraq: 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf (Google Search)
http://www.securityfocus.com/archive/1/494865/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:117
https://bugzilla.novell.com/show_bug.cgi?id=354291
http://www.openwall.com/lists/oss-security/2008/06/13/1
http://www.openwall.com/lists/oss-security/2021/08/09/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950
http://www.securitytracker.com/id?1020298
http://secunia.com/advisories/30742
http://secunia.com/advisories/30895
http://secunia.com/advisories/31262
http://secunia.com/advisories/31287
http://secunia.com/advisories/33937
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740
http://www.vupen.com/english/advisories/2008/1860/references
http://www.vupen.com/english/advisories/2009/0422
XForce ISS Database: fetchmail-logmessage-dos(43121)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43121

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61220
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: fetchmail
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: fetchmail CVE-2008-2711 fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which is not properly handled when using vsnprintf to format log messages. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2711 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 29705 http://www.securityfocus.com/bid/29705 Bugtraq: 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711) (Google Search) http://www.securityfocus.com/archive/1/493391/100/0/threaded Bugtraq: 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf (Google Search) http://www.securityfocus.com/archive/1/494865/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:117 https://bugzilla.novell.com/show_bug.cgi?id=354291 http://www.openwall.com/lists/oss-security/2008/06/13/1 http://www.openwall.com/lists/oss-security/2021/08/09/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950 http://www.securitytracker.com/id?1020298 http://secunia.com/advisories/30742 http://secunia.com/advisories/30895 http://secunia.com/advisories/31262 http://secunia.com/advisories/31287 http://secunia.com/advisories/33937 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740 http://www.vupen.com/english/advisories/2008/1860/references http://www.vupen.com/english/advisories/2009/0422 XForce ISS Database: fetchmail-logmessage-dos(43121) https://exchange.xforce.ibmcloud.com/vulnerabilities/43121
Copyright	Copyright (C) 2008 E-Soft Inc.