Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Gaetan Leurent discovered a vulnerability in the APOP protocol based
on MD5 collisions. As fetchmail supports the APOP protocol, this
vulnerability can be used by attackers to discover a portion of the
APOP user's authentication credentials. (CVE-2007-1558)

Earl Chew discovered that fetchmail can be made to dereference a NULL
pointer when contacting SMTP servers. This vulnerability can be used
by attackers who control the SMTP server to crash fetchmail and cause
a denial of service. (CVE-2007-4565)

Solution :

Update the affected fetchmail and / or fetchmailconf packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28125

CVE ID: CVE-2007-1558