Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 216-1 (fetchmail)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to fetchmail announced via advisory DSA 216-1.
Insight
Insight
Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail. For the current stable distribution (woody) this problem has been fixed in version 5.9.11-6.2 of fetchmail and fetchmail-ssl. For the old stable distribution (potato) this problem has been fixed in version 5.3.3-4.3. For the current unstable distribution (sid) this problem has been fixed in version 6.2.0-1 of fetchmail and fetchmail-ssl. We recommend that you upgrade your fetchmail packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20216-1