正文

Fetchmail POP3证书索引签名回复漏洞

admin
admin V管理员 /0 评论 /9 阅读
1231
此篇文章发布距今已超过1214天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Fetchmail POP3证书索引签名回复漏洞

  • CNNVD编号:CNNVD-200108-156
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2001-1009
  • 漏洞类型: 权限许可和访问控制
  • 发布时间: 2001-08-31
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: fetchmail
  • 漏洞来源: .');">Discovered by Salv...

漏洞简介

Fetchmail(也称为fetchmail-ssl) 5.8.17之前的版本存在漏洞。远程恶意(1)IMAP服务器,或(2)POP/POP3服务器可以借助负索引号作为LIST请求的部分响应覆盖任意内存,并且可能可以获取权限。

漏洞公告

A fixed version has been made available. Various vendors have also released fixed packages: Eric Raymond Fetchmail 5.3.8

  • MandrakeSoft 1.0.1 i386 fetchmail-5.3.8-4.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/1.0.1/RPMS /fetchmail-5.3.8-4.2mdk.i586.rpm
  • MandrakeSoft 1.0.1 i386 fetchmailconf-5.3.8-4.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/1.0.1/RPMS /fetchmailconf-5.3.8-4.2mdk.i586.rpm
  • MandrakeSoft 7.1 i386 fetchmail-5.3.8-4.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.1/RPMS/f etchmail-5.3.8-4.2mdk.i586.rpm
  • MandrakeSoft 7.1 i386 fetchmailconf-5.3.8-4.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.1/RPMS/f etchmailconf-5.3.8-4.2mdk.i586.rpm
Eric Raymond Fetchmail 5.4 .0
  • EnGarde Secure Linux 1.0.1 i686 fetchmail-ssl-5.8.17-1.0.3.i686.rpm http://ftp.engardelinux.org/pub/engarde/stable/updates/i686/fetchmail- ssl-5.8.17-1.0.3.i686.rpm
Eric Raymond Fetchmail 5.5.2
  • MandrakeSoft 7.2 i386 fetchmail-5.5.2-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f etchmail-5.5.2-5.2mdk.i586.rpm
  • MandrakeSoft 7.2 i386 fetchmail-daemon-5.5.2-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f etchmail-daemon-5.5.2-5.2mdk.i586.rpm
  • MandrakeSoft 7.2 i386 fetchmailconf-5.5.2-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f etchmailconf-5.5.2-5.2mdk.i586.rpm
Eric Raymond Fetchmail 5.7.4
  • MandrakeSoft 8.0 i386 fetchmail-5.7.4-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f etchmail-5.7.4-5.2mdk.i586.rpm
  • MandrakeSoft 8.0 i386 fetchmail-daemon-5.7.4-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f etchmail-daemon-5.7.4-5.2mdk.i586.rpm
  • MandrakeSoft 8.0 i386 fetchmailconf-5.7.4-5.2mdk.i586.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f etchmailconf-5.7.4-5.2mdk.i586.rpm
  • MandrakeSoft 8.0 ppc fetchmail-5.7.4-5.2mdk.ppc.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP MS/fetchmail-5.7.4-5.2mdk.ppc.rpm
  • MandrakeSoft 8.0 ppc fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP MS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
  • MandrakeSoft 8.0 ppc fetchmailconf-5.7.4-5.2mdk.ppc.rpm ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP MS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm
Eric Raymond Fetchmail 5.8 .0
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.1
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.10
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.11
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.12
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.13
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.14
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.15
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.16
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.2
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.3
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.4
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.5
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz
Eric Raymond Fetchmail 5.8.6
  • Eric Raymond Fetchmail 5.8.17 http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

参考网址

来源: BID 名称: 3166 链接:http://www.securityfocus.com/bid/3166 来源: BID 名称: 3164 链接:http://www.securityfocus.com/bid/3164 来源: REDHAT 名称: RHSA-2001:103 链接:http://www.redhat.com/support/errata/RHSA-2001-103.html 来源: ENGARDE 名称: ESA-20010816-01 链接:http://www.linuxsecurity.com/advisories/other_advisory-1555.html 来源: BUGTRAQ 名称: 20010809 Fetchmail security advisory 链接:http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html 来源: SUSE 名称: SuSE-SA:2001:026 链接:http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html 来源: MANDRAKE 名称: MDKSA-2001:072 链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3 来源: XF 名称: fetchmail-signed-integer-index(6965) 链接:http://www.iss.net/security_center/static/6965.php 来源: DEBIAN 名称: DSA-071 链接:http://www.debian.org/security/2001/dsa-071 来源: CONECTIVA 名称: CLA-2001:419 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419

受影响实体

  • Fetchmail Fetchmail:5.8.14  
    <!--
    2000-1-1
    -->
  • Fetchmail Fetchmail:5.4.0  
    <!--
    2000-1-1
    -->
  • Fetchmail Fetchmail:5.7.4  
    <!--
    2000-1-1
    -->
  • Fetchmail Fetchmail:5.8.6  
    <!--
    2000-1-1
    -->
  • Fetchmail Fetchmail:5.9.0  
    <!--
    2000-1-1
    -->

补丁

    暂无