Test ID: 1.3.6.1.4.1.25623.1.0.54396
Category: Fedora Local Security Checks
Title: Fedora Core 3 FEDORA-2005-614 (fetchmail)
Summary: NOSUMMARY
Description:

The remote host is missing an update to fetchmail
announced via advisory FEDORA-2005-614.

Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.

A buffer overflow was discovered in fetchmail's POP3 client. A malicious
server could cause fetchmail to execute arbitrary code.

The Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2335 to this issue.

All fetchmail users should upgrade to the updated package, which fixes this issue.

* Thu Jul 21 2005 Miloslav Trmac - 6.2.5-7.fc4.1
- Fix CVE-2005-2335 (#163819, patch by Ludwig Nussel)

* Wed Mar 16 2005 Nalin Dahyabhai 6.2.5-7
- stop using one of the libkrb5 private functions

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-614

Risk factor : Medium

CVSS Score: 5.0

Cross-Ref: BugTraq ID: 14349
Common Vulnerability Exposure (CVE) ID: CVE-2005-2335
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://www.securityfocus.com/bid/14349
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Bugtraq: 20060526 rPSA-2006-0084-1 fetchmail
http://www.securityfocus.com/archive/1/435197/100/0/threaded
Bugtraq: 20060801 DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
http://www.securityfocus.com/archive/1/441856/100/200/threaded
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-774
http://www.debian.org/security/2005/dsa-774
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html
http://www.osvdb.org/18174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1124
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8833
http://www.redhat.com/support/errata/RHSA-2005-640.html
http://secunia.com/advisories/16176
http://secunia.com/advisories/21253
SuSE Security Announcement: SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.vupen.com/english/advisories/2005/1171
http://www.vupen.com/english/advisories/2006/3101
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
