FreeBSD : fetchmail -- denial-of-service vulnerability (ac4b9d18-67a9-11d8-80e3-0020ed76ef5a)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Dave Jones discovered a denial-of-service vulnerability in fetchmail.
An email message containing a very long line could cause fetchmail to
segfault due to missing NUL termination in transact.c.

Eric Raymond decided not to mention this issue in the release notes
for fetchmail 6.2.5, but it was fixed there.

See also :

http://xforce.iss.net/xforce/xfdb/13450
http://www.nessus.org/u?0a2fe23d
http://www.nessus.org/u?bd55c760

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37051 (freebsd_pkg_ac4b9d1867a911d880e30020ed76ef5a.nasl)

Bugtraq ID: 8843

CVE ID: CVE-2003-0792
