This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
Three security issues have been fixed in fetchmail :
- fetchmail, when configured for multidrop mode, allows
remote attackers to cause a denial of service
(application crash) by sending messages without headers
from upstream mail servers. (CVE-2005-4348)
- fetchmail did not properly enforce TLS and may transmit
cleartext passwords over unsecured links under certain
circumstances, which allows remote attackers to
obtain sensitive information via man-in-the-middle
(MITM) attacks. (CVE-2006-5867)
- fetchmail, when refusing a message delivered via the mda
option, allowed remote attackers to cause a denial of
service (crash) via unknown vectors that trigger a NULL
pointer dereference when calling the ferror or fflush
See also :
Apply ZYPP patch number 2608.
Risk factor :
High / CVSS Base Score : 7.8