Mandrake Linux Security Advisory : fetchmail (MDKSA-2001:072)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was found by Salvatore Sanfilippo in both the IMAP and
POP3 code of fetchmail where the input is not verified and no bounds
checking is done. This can be exploited by a remote attacker to write
arbitrary data into memory. The attacker must have control of the mail
server the client is connecting to via fetchmail in order to exploit
this vulnerability.

Solution :

Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf
packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13887 (mandrake_MDKSA-2001-072.nasl)

Bugtraq ID:

CVE ID: CVE-2001-1009

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now