drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in fetchmail
Name: |
Mehrere Probleme in fetchmail
|
|
ID: |
CSSA-2002-051.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Fr, 22. November 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Fetchmail |
|
Originalnachricht |
--3U8TY7m7wOx7RL1F Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: fetchmail remote vulnerabilities in multidrop mode Advisory number: CSSA-2002-051.0 Issue date: 2002 November 21 Cross reference: ______________________________________________________________________________
1. Problem Description
Several buffer overflows have been found in fetchmail. These bugs may be remotely exploited if fetchmail is running in multidrop mode.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to fetchmail-6.1.0-3.i386.rpm prior to fetchmailconf-6.1.0-3.i386.rpm
OpenLinux 3.1.1 Workstation prior to fetchmail-6.1.0-3.i386.rpm prior to fetchmailconf-6.1.0-3.i386.rpm
OpenLinux 3.1 Server prior to fetchmail-6.1.0-3.i386.rpm prior to fetchmailconf-6.1.0-3.i386.rpm
OpenLinux 3.1 Workstation prior to fetchmail-6.1.0-3.i386.rpm prior to fetchmailconf-6.1.0-3.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-051.0/RPMS
4.2 Packages
434fea1951a0d2f3b84aacef99c64406 fetchmail-6.1.0-3.i386.rpm f4a95f399c696a47d30cb42076a16537 fetchmailconf-6.1.0-3.i386.rpm
4.3 Installation
rpm -Fvh fetchmail-6.1.0-3.i386.rpm rpm -Fvh fetchmailconf-6.1.0-3.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-051.0/SRPMS
4.5 Source Packages
4c7bc139f6e47d9971d65496e60a076b fetchmail-6.1.0-3.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-051.0/RPMS
5.2 Packages
645cf83c0c1619d544a18b9ce5f9d075 fetchmail-6.1.0-3.i386.rpm cc9e945ccf9d649683a4f5dfca3b771a fetchmailconf-6.1.0-3.i386.rpm
5.3 Installation
rpm -Fvh fetchmail-6.1.0-3.i386.rpm rpm -Fvh fetchmailconf-6.1.0-3.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
cb48bec8553df5c52f625ecad3a9411b fetchmail-6.1.0-3.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-051.0/RPMS
6.2 Packages
65173695a1ed34351d66264d194612b7 fetchmail-6.1.0-3.i386.rpm 00f87fcb9ce0d8b1253ccc0e10d488a6 fetchmailconf-6.1.0-3.i386.rpm
6.3 Installation
rpm -Fvh fetchmail-6.1.0-3.i386.rpm rpm -Fvh fetchmailconf-6.1.0-3.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-051.0/SRPMS
6.5 Source Packages
4554b6c1ba5cc11ab5a0dae47c742605 fetchmail-6.1.0-3.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-051.0/RPMS
7.2 Packages
84ef9db93e4e3ecf962332495efb4979 fetchmail-6.1.0-3.i386.rpm 48b5987e053098ba15c9105386b9b32d fetchmailconf-6.1.0-3.i386.rpm
7.3 Installation
rpm -Fvh fetchmail-6.1.0-3.i386.rpm rpm -Fvh fetchmailconf-6.1.0-3.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-051.0/SRPMS
7.5 Source Packages
9ee9d217103d8ca4b8ac97d6e7709a4d fetchmail-6.1.0-3.src.rpm
8. References
Specific references for this advisory:
http://security.e-matters.de/advisories/032002.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1174
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr869910, fz526231, erg712133.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
10. Acknowledgements
Stefan Esser [s.esser@e-matters.de] discovered and researched these vulnerabilities.
______________________________________________________________________________
--3U8TY7m7wOx7RL1F Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj3dOMkACgkQbluZssSXDTGPQgCgjmlNCI+vLUDeI5zxiAsPVlRD RmYAn1Kv4+x93f3E6tK3Q/up7qv7xWJB =yzEf -----END PGP SIGNATURE-----
--3U8TY7m7wOx7RL1F--
|
|
|
|