FreeBSD : fetchmail -- denial of service vulnerability (09910d76-4c82-11df-83fb-0015587e2cc1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Fetchmail developer Matthias Andree reported a vulnerability that
allows remote attackers to crash the application when it is runs in
verbose mode.

Fetchmail before release 6.3.17 did not properly sanitize external
input (mail headers and UID). When a multi-character locale (such as
UTF-8) was in use, this could cause memory exhaustion and thus a
denial of service.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=145857
http://gitorious.org/fetchmail/fetchmail/commit/ec06293
http://seclists.org/oss-sec/2010/q2/76
http://www.nessus.org/u?02697bd1

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 45583 (freebsd_pkg_09910d764c8211df83fb0015587e2cc1.nasl)

Bugtraq ID:

CVE ID: CVE-2010-1167

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now