Home page logo
/

bugtraq logo Bugtraq mailing list archives

GLSA: fetchmail
From: Daniel Ahlberg <aliz () gentoo org>
Date: Tue, 1 Oct 2002 11:41:47 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :fetchmail
SUMMARY        :remote vulnerabilities
DATE           :2002-10-01 09:30 UTC

- - --------------------------------------------------------------------

OVERVIEW

Stefan Esser from e-matters has discovered several buffer overflows and
a broken boundary check within Fetchmail.

DETAIL

If Fetchmail is running in multidrop mode these flaws can be used by
remote attackers to crash it or to execute arbitrary code with the
permissions of the user running fetchmail. Depending on the configuration
this allows a remote root compromise.

Read the full advisory at
http://security.e-matters.de/advisories/032002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/fetchmai-0.59.14 and earlier update their systems
as follows:

emerge rsync
emerge fetchmail
emerge clean

- - --------------------------------------------------------------------
aliz () gentoo org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9mW3bfT7nyhUpoZMRAj24AJ4v6eTU4W0kFymRqxVhVm+pzLzqvACcCLP0
X1kl66YrBuEJozTTNzpwhAg=
=9mUU
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • GLSA: fetchmail Daniel Ahlberg (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault