drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in fetchmail
Name: |
Mehrere Probleme in fetchmail |
|
ID: |
TLSA-2007-3 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Fr, 9. Februar 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 |
|
Applikationen: |
Fetchmail |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-3 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 08 Feb 2007 Last revised: 08 Feb 2007
Package: fetchmail
Summary: Three vulnerabilities discovered in fetchmail
More information: fetchmail is a software package to retrieve mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or message delivery agents.
Crash retrieving headerless message in multidrop mode. Passwords are written to a world-readable file. Cleartext passwords over unsecured links. Impact: When configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. Creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. Transmit cleartext passwords over unsecured links
Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 6d2da4ccb21540072db38115f7117a11
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 452294 f8d8a8207edef01a1f0ebbc553a166b4
<Turbolinux FUJI>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 94fb34d8a3b279260ed9bd02db446c12
Binary Packages Size: MD5
fetchmail-6.2.5-6.i686.rpm 579574 fff76360b10467f4ea2e529c7fb5e534 fetchmailconf-6.2.5-6.i686.rpm 29008 e8ac2d15f874bbbff47bfd51ca4edf13
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 5e270fe159d444cd0c5abb70bf78d04a
Binary Packages Size: MD5
fetchmail-6.2.5-6.x86_64.rpm 463378 ddf13c6bff1de0c4db022b4adb6aee86
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 825891ca4d47d6801ebb0cf0d8b999de
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 448554 4ab6264ccbdf8b7b3cb53883daf9e11c
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 7ab5783fae645535699dc228b3cb8b91
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 449147 38452008b1563fb8fd6238baae822be0
<Turbolinux 10 Server>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 6d2da4ccb21540072db38115f7117a11
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 452294 f8d8a8207edef01a1f0ebbc553a166b4
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 afa4d8688c2b55a98bb996b6cfea1618
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 452900 0c28bd25b7056705f73a20af4cfedc55 fetchmailconf-6.2.5-6.i586.rpm 27121 dc3ec4385a040b75dd14ccc68d442888
<Turbolinux 8 Server>
Source Packages Size: MD5
fetchmail-6.2.5-6.src.rpm 1273500 664d89c3ad759ab4abf2688950b28b0b
Binary Packages Size: MD5
fetchmail-6.2.5-6.i586.rpm 449665 ab215a88c60bc1b169ed9f41cf2cb50e fetchmailconf-6.2.5-6.i586.rpm 26651 e9fa0034916a228175f677eb042fd594
References:
CVE [CVE-2005-4348] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348 [CVE-2005-3088] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088 [CVE-2006-5867] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
-------------------------------------------------------------------------- Revision History 08 Feb 2007 Initial release --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFFyxL0K0LzjOqIJMwRAjORAJ9OaUYuo9DurohlGEteFNh02nyeUACfWScb V6bcXN31SojWkAnEQP3NSAA= =9+eg -----END PGP SIGNATURE-----
|
|
|
|