Detections
Analytics
RHEL 2.1 : fetchmail (RHSA-2002:294)
high Nessus Plugin ID 12342
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.2.0.[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections.
A bug has been found in the header parsing code in versions of Fetchmail prior to 6.2.0.
The bug allows a remote attacker to crash Fetchmail and potentially execute arbitrary code by sending a carefully crafted email which is parsed by Fetchmail.
All users of Fetchmail are advised to upgrade to the errata packages containing a backported fix which corrects this issue.
Solution
Update the affected fetchmail and / or fetchmailconf packages.See Also
https://access.redhat.com/security/cve/cve-2002-1365
http://www.nessus.org/u?38f785bd
https://www.e-matters.de/unternehmen/news/security-advisory-05_2002
Plugin Details
Severity: High
ID: 12342
File Name: redhat-RHSA-2002-294.nasl
Version: 1.27
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/6/2004
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:fetchmail, p-cpe:/a:redhat:enterprise_linux:fetchmailconf, cpe:/o:redhat:enterprise_linux:2.1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 2/5/2003
Vulnerability Publication Date: 12/23/2002
Reference Information
CVE: CVE-2002-1365
RHSA: 2002:294