CentOS 3 / 4 / 5 : fetchmail (CESA-2007:0385)

low Nessus Plugin ID 25447
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 4


The remote CentOS host is missing a security update.


An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections.

A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

All users of fetchmail should upgrade to this updated package, which contains a backported patch to correct this issue.


Update the affected fetchmail package.

See Also









Plugin Details

Severity: Low

ID: 25447

File Name: centos_RHSA-2007-0385.nasl

Version: 1.18

Type: local

Agent: unix

Published: 6/7/2007

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Low

VPR Score: 4

CVSS v2.0

Base Score: 2.6

Temporal Score: 2

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:fetchmail, cpe:/o:centos:centos:3, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/7/2007

Vulnerability Publication Date: 4/16/2007

Reference Information

CVE: CVE-2007-1558

BID: 23257

RHSA: 2007:0385