
Test ID: 1.3.6.1.4.1.25623.1.0.54433
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-153-1 (fetchmail)
Summary: Ubuntu USN-153-1 (fetchmail)
Description:
The remote host is missing an update to fetchmail
announced via advisory USN-153-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected: fetchmail

Ross Boylan discovered a remote buffer overflow in fetchmail. By
sending invalid responses with very long UIDs, a faulty or malicious
POP server could crash fetchmail or execute arbitrary code with the
privileges of the user invoking fetchmail.

fetchmail is commonly run as root to fetch mail for multiple user
accounts; in this case, this vulnerability could be exploited to
compromise the whole system.

Solution:
The problem can be corrected by upgrading the affected package to
version 6.2.5-8ubuntu2.1 (for Ubuntu 4.10), or 6.2.5-12ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-153-1

Risk factor: Medium
Cross-Ref: BugTraq ID: 14349
Common Vulnerability Exposure (CVE) ID: CVE-2005-2335
Bugtraq: 20060526 rPSA-2006-0084-1 fetchmail
http://www.securityfocus.com/archive/1/archive/1/435197/100/0/threaded
Bugtraq: 20060801 DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
http://www.securityfocus.com/archive/1/archive/1/441856/100/200/threaded
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Debian Security Information: DSA-774
http://www.debian.org/security/2005/dsa-774
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html
http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html
http://www.redhat.com/support/errata/RHSA-2005-640.html
SuSE Security Announcement: SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
http://www.securityfocus.com/bid/14349
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8833
http://www.vupen.com/english/advisories/2005/1171
http://www.vupen.com/english/advisories/2006/3101
http://www.osvdb.org/18174
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1038
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1124
http://secunia.com/advisories/16176
http://secunia.com/advisories/21253
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.