CERTA-2005-AVI-278
Vulnerability from certfr_avis
Description
this vulnerability and inject arbitrary code remotely, making it possible, among other things, to obtain administrator privileges on the vulnerable machine.
Exploiting this flaw against a machine running Fetchmail 6.2.5.1 causes only a denial of service.
Solution
Upgrade to version 6.2.5.2 and apply the patch fetchmail-patch-6.2.5.2:
http://developer.berlios.de/project/showfiles.php?group_id=1824
Fetchmail version 6.2.5.1 and earlier versions.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eFetchmail version 6.2.5.1 et versions ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\ncette vuln\u00e9rabilit\u00e9 et injecter du code arbitraire \u00e0 distance\npermettant, entre autres, d\u0027obtenir les droits administrateurs sur la\nmachine vuln\u00e9rable. \n\nL\u0027exploitation de cette faille \u00e0 destination d\u0027une machine disposant de\nFetchmail 6.2.5.1 ne provoque qu\u0027un d\u00e9ni de service.\n\n## Solution\n\nPasser en version 6.2.5.2 et appliquer le patch fetchmail-patch-6.2.5.2\n:\n\n http://developer.berlios.de/project/showfiles.php?group_id=1824\n",
"cves": [],
"initial_release_date": "2005-07-22T00:00:00",
"last_revision_date": "2005-08-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2005:018 du 28 juillet 2005 :",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-774 du 12 ao\u00fbt 2005 :",
"url": "http://www.debian.org/security/2005/dsa-774"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:126 du 28 juillet 2005 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de FreeBSD :",
"url": "http://www.vuxml.org/freebsd/pkg-fetchmail.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:640 du 25 juillet 2005 :",
"url": "http://rhn.redhat.com/errata/RHSA-2005-640.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200507-21 du 25 juillet 2005 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 OpenBSD pour fetchmail du 25 juillet 2005 :",
"url": "http://www.vuxml.org/openbsd/pkg-fetchmail.html"
}
],
"reference": "CERTA-2005-AVI-278",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-07-22T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 OpenBSD.",
"revision_date": "2005-07-25T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200507-21.",
"revision_date": "2005-07-26T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva MDKSA-2005:126 et SUSE SUSE-SR:2005:018.",
"revision_date": "2005-07-29T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian DSA-774.",
"revision_date": "2005-08-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance via un serveur pop3 malicieux"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans Fetchmail",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Berlios",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt"
}
]
}