[Frugalware-security] [ FSA-97 ] fetchmail
noreply at frugalware.org
Tue Jan 16 11:40:00 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Frugalware Security Advisory FSA-97
Vulnerable versions: <= 6.3.4-1
Unaffected versions: >= 6.3.6-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1608
A vulnerability and a security issue have been reported in Fetchmail, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to gain knowledge of sensitive information.
1) A NULL pointer dereference error in Fetchmail, when refusing a message that was bound for delivery by a message delivery agent (MDA) via the "mda" option, can be exploited to crash the service.
2) Several errors could lead to the authentication in plain text despite the configured settings, resulting in the possibility of passwords being eavesdropped.
Check if you have fetchmail installed:
# pacman -Q fetchmail
If found, then you should upgrade to the latest version:
# pacman -Sy fetchmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
-----END PGP SIGNATURE-----
More information about the Frugalware-security