This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Fetchmail packages are available for Red Hat Linux Advanced
Server which close a remotely-exploitable vulnerability in unpatched
versions of Fetchmail prior to 6.1.0.
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links such as SLIP and PPP connections.
Two bugs have been found in the header parsing code in versions of
Fetchmail prior to 6.1.0.
The first bug allows a remote attacker to crash Fetchmail by sending a
carefully crafted DNS packet. The second bug allows a remote attacker
to carefully craft an email in such a way that when it is parsed by
Fetchmail a heap overflow occurs, allowing remote arbitrary code
Both of these bugs are only exploitable if Fetchmail is being used in
multidrop mode (using the 'multiple-local-recipients' feature).
All users of Fetchmail are advised to upgrade to the errata packages
containing a backported fix which is not vulnerable to these issues.
See also :
Update the affected fetchmail and / or fetchmailconf packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12327 ()
CVE ID: CVE-2002-1174CVE-2002-1175
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.