Miembros de
Boletines de Vulnerabilidades |
Denegación de servicio en fetchmail |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | fetchmail < 6.3.9 |
Descripción |
|
|
Se ha encontrado una vulnerabilidad en fetchmail en las versiones anteriores a la 6.3.9. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría causar una denegación de servicio mediante rechazar ciertos mensajes de aviso que son enviados a través de SMTP. |
|
Solución |
|
|
Actualización de software Mandriva (MDKSA-2007:179) Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm Debian (DSA 1377-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.diff.gz http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.dsc Architecture independent http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch1_all.deb amd64 http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_amd64.deb arm http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_arm.deb hppa http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_hppa.deb ia64 http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_ia64.deb mips http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_mips.deb powerpc http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_powerpc.deb s390 http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_s390.deb sparc http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_sparc.deb Debian (DSA 1377-2) Debian Linux 4.0 i386 http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb Red Hat (RHSA-2009:1427-1) RHEL Desktop Workstation (v. 5 cliente) Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux AS (v. 4.8.z) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux ES (v. 4.8.z) Red Hat Enterprise Linux EUS (v. 5.4.z servidor) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-4565 |
| BID | 25495 |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDKSA-2007:179) http://www.mandriva.com/security/advisories?name=MDKSA-2007:179 Debian Security Advisory (DSA 1377-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00144.html Debian Security Advisory (DSA 1377-2) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00145.html Red Hat Security Advisory (RHSA-2009:1427-1) https://rhn.redhat.com/errata/RHSA-2009-1427.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-09-12 |
| 1.1 | Aviso emitido por Debian (DSA 1377-1), aviso emitido por Debian (DSA 1377-2) | 2007-09-25 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2009:1427-1) | 2009-09-10 |