Test ID: | 1.3.6.1.4.1.25623.1.0.64808 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1427 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:1427.
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.
It was discovered that fetchmail is affected by the previously published null prefix attack, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)
A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)
A flaw was found in fetchmail. When fetchmail is run in double verbose mode (-v -v), it could crash upon receiving certain malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode (-d). (CVE-2008-2711)
Note: when using SSL-enabled services, it is recommended that the fetchmail --sslcertck option be used to enforce strict SSL certificate checking.
All fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the fetchmail --quit command to stop the fetchmail process). |
Solution: | Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date |
CVSS Score: | 6.4 |
CVSS Vector: | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-4565
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID 25495: http://www.securityfocus.com/bid/25495
Bugtraq 20070907 FLEA-2007-0053-1 fetchmail: http://www.securityfocus.com/archive/1/478798/100/0/threaded
Bugtraq 20080617 fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565): http://www.securityfocus.com/archive/1/493388/100/0/threaded
Debian Security Information DSA-1377: http://www.debian.org/security/2007/dsa-1377
http://www.mandriva.com/security/advisories?name=MDKSA-2007:179
http://osvdb.org/45833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10528
http://www.securitytracker.com/id?1018627
http://secunia.com/advisories/27399
http://secunia.com/advisories/33937
http://securityreason.com/securityalert/3074
SuSE Security Announcement SUSE-SR:2007:022: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
http://www.trustix.org/errata/2007/0028/
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/3032
http://www.vupen.com/english/advisories/2009/0422
XForce ISS Database fetchmail-warning-dos(36385): https://exchange.xforce.ibmcloud.com/vulnerabilities/36385
Common Vulnerability Exposure (CVE) ID: CVE-2008-2711
BugTraq ID 29705: http://www.securityfocus.com/bid/29705
Bugtraq 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711): http://www.securityfocus.com/archive/1/493391/100/0/threaded
Bugtraq 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf: http://www.securityfocus.com/archive/1/494865/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:117
https://bugzilla.novell.com/show_bug.cgi?id=354291
http://www.openwall.com/lists/oss-security/2008/06/13/1
http://www.openwall.com/lists/oss-security/2021/08/09/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950
http://www.securitytracker.com/id?1020298
http://secunia.com/advisories/30742
http://secunia.com/advisories/30895
http://secunia.com/advisories/31262
http://secunia.com/advisories/31287
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740
http://www.vupen.com/english/advisories/2008/1860/references
XForce ISS Database fetchmail-logmessage-dos(43121): https://exchange.xforce.ibmcloud.com/vulnerabilities/43121
Common Vulnerability Exposure (CVE) ID: CVE-2009-2666
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID 35951: http://www.securityfocus.com/bid/35951
Bugtraq 20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666): http://www.securityfocus.com/archive/1/505530/100/0/threaded
Debian Security Information DSA-1852: http://www.debian.org/security/2009/dsa-1852
http://www.mandriva.com/security/advisories?name=MDVSA-2009:201
http://marc.info/?l=oss-security&m=124949601207156&w=2
http://osvdb.org/56855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059
http://www.securitytracker.com/id?1022679
http://secunia.com/advisories/36175
http://secunia.com/advisories/36179
http://secunia.com/advisories/36236
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463
http://www.vupen.com/english/advisories/2009/2155
http://www.vupen.com/english/advisories/2009/3184 |
Copyright: | Copyright (C) 2009 E-Soft Inc. |
This is only one of 145615 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now. |