openSUSE 10 Security Update : fetchmail (fetchmail-2602)
High Nessus Plugin ID 27213
Synopsis: The remote openSUSE host is missing a security update.
Description: Three security issues have been fixed in fetchmail:
CVE-2005-4348: fetchmail, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2006-5867: fetchmail did not properly enforce TLS and, under certain circumstances, may transmit cleartext passwords over unsecured links, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVE-2006-5974: fetchmail, when refusing a message delivered via the mda option, allowed remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the ferror or fflush functions.
Solution: Update the affected fetchmail package.