Description: | Description:
The remote host is missing an update to fetchmail announced via advisory USN-233-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected: fetchmail
Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in 'multidrop' mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed.
Solution: The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.3 (for Ubuntu 4.10), 6.2.5-12ubuntu1.3 (for Ubuntu 5.04), or 6.2.5-13ubuntu3.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-233-1
Risk factor : High
CVSS Score: 7.8
|