Test ID:	1.3.6.1.4.1.25623.1.0.61211
Category:	Fedora Local Security Checks
Title:	Fedora Core 9 FEDORA-2008-5789 (fetchmail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to fetchmail announced via advisory FEDORA-2008-5789. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. Update Information: http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt ChangeLog: * Fri Jun 27 2008 Vitezslav Crhonek - 6.3.8-7 - Fix CVE-2008-2711 References: [ 1 ] Bug #451758 - CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode https://bugzilla.redhat.com/show_bug.cgi?id=451758 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update fetchmail' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-5789 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2711 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 29705 http://www.securityfocus.com/bid/29705 Bugtraq: 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711) (Google Search) http://www.securityfocus.com/archive/1/493391/100/0/threaded Bugtraq: 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf (Google Search) http://www.securityfocus.com/archive/1/494865/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:117 https://bugzilla.novell.com/show_bug.cgi?id=354291 http://www.openwall.com/lists/oss-security/2008/06/13/1 http://www.openwall.com/lists/oss-security/2021/08/09/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950 http://www.securitytracker.com/id?1020298 http://secunia.com/advisories/30742 http://secunia.com/advisories/30895 http://secunia.com/advisories/31262 http://secunia.com/advisories/31287 http://secunia.com/advisories/33937 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740 http://www.vupen.com/english/advisories/2008/1860/references http://www.vupen.com/english/advisories/2009/0422 XForce ISS Database: fetchmail-logmessage-dos(43121) https://exchange.xforce.ibmcloud.com/vulnerabilities/43121
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.