SuSE 10 Security Update : fetchmail (ZYPP Patch Number 2608)
High Nessus Plugin ID 29425
Synopsis: The remote SuSE 10 host is missing a security-related patch.
Description: Three security issues have been fixed in fetchmail:
- fetchmail, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. (CVE-2005-4348)
- fetchmail did not properly enforce TLS and, under certain circumstances, may transmit cleartext passwords over unsecured links, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. (CVE-2006-5867)
- fetchmail, when refusing a message delivered via the mda option, allowed remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the ferror or fflush functions. (CVE-2006-5974)
Solution: Apply ZYPP patch number 2608.