Mandrake Linux Security Advisory : fetchmail (MDKSA-2001:063)

High Nessus Plugin ID 13878


The remote Mandrake Linux host is missing one or more security updates.


Wolfram Kleff reported recently that the fetchmail program would segfault when receiving emails with a very large 'To:' header. This is due to a buffer overflow within the header parsing code, which can be exploited remotely.


Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf packages.

See Also

Plugin Details

Severity: High

ID: 13878

File Name: mandrake_MDKSA-2001-063.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:fetchmail, p-cpe:/a:mandriva:linux:fetchmail-daemon, p-cpe:/a:mandriva:linux:fetchmailconf, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/07/05

Reference Information

CVE: CVE-2001-0819

MDKSA: 2001:063