 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.69824 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandriva Security Advisory MDVSA-2011:107 (fetchmail) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to fetchmail announced via advisory MDVSA-2011:107. Multiple vulnerabilities were discovered and corrected in fetchmail: fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list (CVE-2010-1167). NOTE: This vulnerability did not affect Mandriva Linux 2010.2. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets (CVE-2011-1947). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to the 6.3.20 version which is not vulnerable to these issues. Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:107 http://seclists.org/oss-sec/2011/q2/551 Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1167 20100506 fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167) http://www.securityfocus.com/archive/1/511140/100/0/threaded 39556 http://www.securityfocus.com/bid/39556 MDVSA-2011:107 http://www.mandriva.com/security/advisories?name=MDVSA-2011:107 http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512 http://www.fetchmail.info/fetchmail-SA-2010-02.txt Common Vulnerability Exposure (CVE) ID: CVE-2011-1947 BugTraq ID: 48043 http://www.securityfocus.com/bid/48043 Bugtraq: 20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947) (Google Search) http://www.securityfocus.com/archive/1/518251/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html http://openwall.com/lists/oss-security/2011/05/30/1 http://openwall.com/lists/oss-security/2011/05/31/12 http://openwall.com/lists/oss-security/2011/05/31/17 http://openwall.com/lists/oss-security/2011/06/01/2 http://www.securitytracker.com/id?1025605 XForce ISS Database: fetchmail-starttls-dos(67700) https://exchange.xforce.ibmcloud.com/vulnerabilities/67700 |
| Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |