Security: Multiple issues in fetchmail
Name: Multiple issues in fetchmail
ID: TLSA-2007-3
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Date: Fri, 9 February 2007, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
Applications: Fetchmail

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-3
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 08 Feb 2007
Last revised: 08 Feb 2007

Package: fetchmail

Summary: Three vulnerabilities discovered in fetchmail

More information:
fetchmail is a software package to retrieve mail from remote POP2, POP3,
IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents.

- Crash retrieving headerless message in multidrop mode.
- Passwords are written to a world-readable file.
- Cleartext passwords over unsecured links.

Impact:
- When configured for multidrop mode, fetchmail allows remote attackers to
  cause a denial of service (application crash) by sending messages without
  headers from upstream mail servers.
- Configuration files are created with insecure world-readable permissions,
  which allows local users to obtain sensitive information such as passwords.
- Cleartext passwords are transmitted over unsecured links.
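
Added example (not part of the Turbolinux advisory and not fetchmail code): a Python check for the two configuration-side exposures listed above, a password-bearing run-control file readable beyond its owner and server entries that store a password without the `ssl` option. The simplified parser, the sample file and every host, user and password in it are assumptions made for illustration.

```python
import os
import shlex
import stat

ENTRY_START = {"poll", "skip", "defaults"}
VALUE_AFTER = {"user", "username", "pass", "password"}  # next token is a value
SECRET = {"pass", "password"}
# Constructed sample run-control file; hosts, users and passwords are made up.
SAMPLE_RC = '''set daemon 300
poll mail.example.org proto pop3 user "alice" password "poll" ssl
poll pop.example.net proto pop3, user "bob" pass "hunter2"   # no ssl
'''


def split_entries(text):
    """Group tokens per server entry; user and password values are masked."""
    entries, prev = [[]], None
    for tok in shlex.split(text, comments=True):
        is_value, prev = prev in VALUE_AFTER, None
        if not is_value:
            tok = prev = tok.rstrip(",;:")  # punctuation is noise in this format
        if tok in ENTRY_START and not is_value:
            entries.append([])
        if tok:
            entries[-1].append("<value>" if is_value else tok)
    return [e for e in entries if e]


def audit(text, mode):
    """Return findings for run-control `text` stored with permission `mode`."""
    entries = split_entries(text)
    findings, default_ssl = [], False
    if mode & 0o077 and any(SECRET & set(e) for e in entries):
        findings.append(f"mode {mode:04o}: stored password readable beyond owner")
    for e in entries:
        needs_check = e[0] in ("poll", "skip") and SECRET & set(e)
        if e[0] == "defaults":
            default_ssl = "ssl" in e  # applies to the entries that follow
        elif needs_check and "ssl" not in e and not default_ssl:
            findings.append(f"{e[1]}: password set without the ssl option")
    return findings


def audit_file(path):  # e.g. ~/.fetchmailrc
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RC, 0o644)))
```

An empty list from `audit_file` means neither condition was found in that file; it does not show whether the updated packages are installed.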

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 6d2da4ccb21540072db38115f7117a11

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
452294 f8d8a8207edef01a1f0ebbc553a166b4

<Turbolinux FUJI>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 94fb34d8a3b279260ed9bd02db446c12

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i686.rpm
579574 fff76360b10467f4ea2e529c7fb5e534
fetchmailconf-6.2.5-6.i686.rpm
29008 e8ac2d15f874bbbff47bfd51ca4edf13

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 5e270fe159d444cd0c5abb70bf78d04a

Binary Packages
Size: MD5

fetchmail-6.2.5-6.x86_64.rpm
463378 ddf13c6bff1de0c4db022b4adb6aee86

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 825891ca4d47d6801ebb0cf0d8b999de

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
448554 4ab6264ccbdf8b7b3cb53883daf9e11c

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 7ab5783fae645535699dc228b3cb8b91

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
449147 38452008b1563fb8fd6238baae822be0

<Turbolinux 10 Server>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 6d2da4ccb21540072db38115f7117a11

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
452294 f8d8a8207edef01a1f0ebbc553a166b4

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 afa4d8688c2b55a98bb996b6cfea1618

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
452900 0c28bd25b7056705f73a20af4cfedc55
fetchmailconf-6.2.5-6.i586.rpm
27121 dc3ec4385a040b75dd14ccc68d442888

<Turbolinux 8 Server>

Source Packages
Size: MD5

fetchmail-6.2.5-6.src.rpm
1273500 664d89c3ad759ab4abf2688950b28b0b

Binary Packages
Size: MD5

fetchmail-6.2.5-6.i586.rpm
449665 ab215a88c60bc1b169ed9f41cf2cb50e
fetchmailconf-6.2.5-6.i586.rpm
26651 e9fa0034916a228175f677eb042fd594


References:

CVE
[CVE-2005-4348]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
[CVE-2005-3088]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
[CVE-2006-5867]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867

--------------------------------------------------------------------------
Revision History
08 Feb 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFFyxL0K0LzjOqIJMwRAjORAJ9OaUYuo9DurohlGEteFNh02nyeUACfWScb
V6bcXN31SojWkAnEQP3NSAA=
=9+eg
-----END PGP SIGNATURE-----