Debian DSA-774-1 : fetchmail - buffer overflow
Medium Nessus Plugin ID 19430
Synopsis
The remote Debian host is missing a security-related update.
Description
Edward Shornock discovered a bug in the UIDL handling code of fetchmail, a common POP3, APOP and IMAP mail fetching utility. A malicious POP3 server could exploit this problem and inject arbitrary code that will be executed on the victim host. If fetchmail is running as root, this becomes a root exploit.
Solution
Upgrade the fetchmail package.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in version 6.2.5-12sarge1.