Mandrake Linux Security Advisory : fetchmail (MDKSA-2005:236)

High Nessus Plugin ID 20467


The remote Mandrake Linux host is missing one or more security updates.


Fetchmail before 6.3.1 and before, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

The updated packages have been patched to correct this problem.


Update the affected fetchmail, fetchmail-daemon and/or fetchmailconf packages.

Plugin Details

Severity: High

ID: 20467

File Name: mandrake_MDKSA-2005-236.nasl

Version: 1.14

Type: local

Published: 2006/01/15

Modified: 2015/03/19

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:fetchmail, p-cpe:/a:mandriva:linux:fetchmail-daemon, p-cpe:/a:mandriva:linux:fetchmailconf, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/12/23

Reference Information

CVE: CVE-2005-4348

BID: 15987

MDKSA: 2005:236