Mandrake Linux Security Advisory : fetchmail (MDKSA-2002:036)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A problem was discovered with versions of fetchmail prior to 5.9.10
that was triggered by retrieving mail from an IMAP server. The
fetchmail client will allocate an array to store the sizes of the
messages it is attempting to retrieve. This array size is determined
by the number of messages the server is claiming to have, and
fetchmail would not check whether or not the number of messages the
server was claiming was too high. This would allow a malicious server
to make the fetchmail process write data outside of the array bounds.
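
The missing check described above, sketched as an added example (this is not fetchmail's code or the vendor's patch). The function names, the "* N EXISTS" reply handling and the MAX_MSGS cap are assumptions made for illustration: the server-claimed count is validated before it sizes the array, and every write is checked against that count.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSGS 1000000L /* assumed policy cap, not a fetchmail constant */

/* Parse the count from a reply such as "* 3 EXISTS" (hypothetical helper).
 * Returns 0 and stores the count, or -1 if malformed or out of range. */
int parse_claimed_count(const char *reply, long *count)
{
    char *end;
    if (reply[0] != '*' || reply[1] != ' ')
        return -1;
    errno = 0;
    long n = strtol(reply + 2, &end, 10);
    if (end == reply + 2 || errno == ERANGE || n < 0 || n > MAX_MSGS)
        return -1;
    if (strncmp(end, " EXISTS", 7) != 0)
        return -1;
    *count = n;
    return 0;
}

/* Allocate the per-message size array only for a validated count. */
int *alloc_sizes(long count)
{
    if (count < 0 || count > MAX_MSGS)
        return NULL;
    return calloc(count ? (size_t)count : 1, sizeof(int));
}

/* Store the size of 1-based message msgnum; refuse indexes outside the array. */
int record_size(int *sizes, long count, long msgnum, int size)
{
    if (sizes == NULL || msgnum < 1 || msgnum > count || size < 0)
        return -1;
    sizes[msgnum - 1] = size;
    return 0;
}

int main(void)
{
    long n; /* constructed replies: one plausible, one absurdly large */
    printf("%d\n", parse_claimed_count("* 3 EXISTS\r\n", &n));          /* 0 */
    printf("%d\n", parse_claimed_count("* 4294967297 EXISTS\r\n", &n)); /* -1 */
    return 0;
}
```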

See also :

http://www.nessus.org/u?38f785bd

Solution :

Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13941 (mandrake_MDKSA-2002-036.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0146
