CentOS 3 / 4 / 5 : fetchmail (CESA-2007:0385)

low Nessus Plugin ID 25447
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 4

Synopsis

The remote CentOS host is missing a security update.

Description

An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections.

A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

All users of fetchmail should upgrade to this updated package, which contains a backported patch to correct this issue.

Solution

Update the affected fetchmail package.

See Also

http://www.nessus.org/u?cb3cd6d9

http://www.nessus.org/u?a165db8b

http://www.nessus.org/u?84a4bc57

http://www.nessus.org/u?7d50f362

http://www.nessus.org/u?a2497dd6

http://www.nessus.org/u?7d9b03e5

http://www.nessus.org/u?9d0ab99c

http://www.nessus.org/u?2b56fcee

Plugin Details

Severity: Low

ID: 25447

File Name: centos_RHSA-2007-0385.nasl

Version: 1.18

Type: local

Agent: unix

Published: 6/7/2007

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Low

VPR Score: 4

CVSS v2.0

Base Score: 2.6

Temporal Score: 2

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:fetchmail, cpe:/o:centos:centos:3, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/7/2007

Vulnerability Publication Date: 4/16/2007

Reference Information

CVE: CVE-2007-1558

BID: 23257

RHSA: 2007:0385