French Security Incident Response Team

Mandriva Security Update Fixes Fetchmail Warning Message Denial of Service


Title : Mandriva Security Update Fixes Fetchmail Warning Message Denial of Service
Advisory ID : FrSIRT/ADV-2007-3122
CVE ID : CVE-2007-4565
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-13

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
ec4f5dea69e44968c18ed13aec63fbc4 2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
6714594d428e0e2e0ed3e677c7813fda 2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
4d2fbbf2de3d9204647f5a3cd7991e56 2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1bd5250e46911f1c58e29d99c3ca7b70 2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
3f9aefbedfdc5dcd888c77314827eb41 2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
899116e39b78dc4184c4f4a1a8d839ff 2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
01a5cdfd3329fc919b76bbbd955f1765 2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
cdc7413cca7f26b5f10a2ade1412f05e 2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
01de767500146bb7f00e5282267cc348 2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
3a5fd389cb5ab9d3e66772df25a5d081 2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
a9ea49f814c8305ad5b845d5afd11db2 2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
20cd90c65804e6272fdf8f95586799e4 2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Corporate 3.0:
c467b462473a61160ef0f00a1fae355e corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
781126a4db0c738eac5cdd9ec8cc5981 corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
ae3874e52845214fb1bf7eecdc6abf84 corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
eb699fd754ebd4946bfe7c026f6f2e42 corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
e7ecb2da9c3d73f3b0a5cebf13930f7e corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
b6bfcbc53aabb69d1c07d0fb0a8afed8 corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 4.0:
81cfe01e0da3ca09cf7c4ac39bdf48d1 corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
40b38bce6f851cf3165b0e8a8f5f3c50 corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
d7c94a1d6e803c00e5c05f0aa0efc477 corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
58c9d8daa4ba5a11b96b4373d9f2b45c corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
a9e54ac1f2a56a0ceca4663e1b970201 corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
de9f1acd42b3a445e9fe8c74b4b90094 corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

ChangeLog

2007-09-13 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy