From: Daniel Ahlberg (aliz_at_gentoo.org)
Date: Tue Oct 01 2002 - 04:41:47 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT
    - - --------------------------------------------------------------------

    PACKAGE :fetchmail
    SUMMARY :remote vulnerabilities
    DATE :2002-10-01 09:30 UTC

    - - --------------------------------------------------------------------

    OVERVIEW

    Stefan Esser from e-matters has discovered several buffer overflows and
    a broken boundary check within Fetchmail.

    DETAIL

    If Fetchmail is running in multidrop mode these flaws can be used by
    remote attackers to crash it or to execute arbitrary code with the
    permissions of the user running fetchmail. Depending on the configuration
    this allows a remote root compromise.

    Read the full advisory at
    http://security.e-matters.de/advisories/032002.html

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-mail/fetchmail-0.59.14 and earlier update their systems
    as follows:

    emerge rsync
    emerge fetchmail
    emerge clean

    - - --------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9mW3bfT7nyhUpoZMRAj24AJ4v6eTU4W0kFymRqxVhVm+pzLzqvACcCLP0
    X1kl66YrBuEJozTTNzpwhAg=
    =9mUU
    -----END PGP SIGNATURE-----