Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] MDKSA-2005:126 - Updated fetchmail packages fix vulner

from [Mandriva Security Team] Network Security [Permanent Link]
Subject: [Full-disclosure] MDKSA-2005:126 - Updated fetchmail packages fix vulnerability
Date: Thu, 28 Jul 2005 22:44:34 -0600 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           fetchmail
 Advisory ID:            MDKSA-2005:126
 Date:                   July 28th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A buffer overflow was discovered in fetchmail's POP3 client which
 could allow a malicious server to send a carefully crafted message
 UID, causing fetchmail to crash or potentially execute arbitrary
 code as the user running fetchmail.
 
 The updated packages have been patched to address this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 563f08174b32d11c7d072a7c86672cd6  10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.i586.rpm
 322f5e01a8ccf9611119bf56c81b3c34  
10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.i586.rpm
 b41cd62c89bd4e728107b8fadb3d10dd  
10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.i586.rpm
 9193b1c0ccf4d8dc1158a2707ff73628  10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 e160ad934bb3007cf35c050006bd9bec  
x86_64/10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.x86_64.rpm
 193c90622e9279417f0d89e7368162d2  
x86_64/10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.x86_64.rpm
 8b29df74bc7cc01ad0e57052908d96fb  
x86_64/10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.x86_64.rpm
 9193b1c0ccf4d8dc1158a2707ff73628  
x86_64/10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 f25ca14a570b18627309b1ec6d6118bb  
10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.i586.rpm
 afdcff56a05aebf22b7cd138166d4ca7  
10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.i586.rpm
 6d58bd3064e22875011b97cee9c2d809  
10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.i586.rpm
 7d6ab32632446ed61fc18591f1c2fd00  
10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 8f0f018bb2807d5285ae2ef05bb57107  
x86_64/10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.x86_64.rpm
 870f31b16001b83be84e51cc93a92200  
x86_64/10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.x86_64.rpm
 2f464f9c3409880ef9c457b9986ae712  
x86_64/10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.x86_64.rpm
 7d6ab32632446ed61fc18591f1c2fd00  
x86_64/10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm

 Corporate Server 2.1:
 96185810b7b4ad91d4986fd0d946a15d  
corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.i586.rpm
 268fdaf86ca3f5f33b9c1ac0a00efc4a  
corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.i586.rpm
 647d592ec242a09fa869da6f37660299  
corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.i586.rpm
 8d3e996da39619613de0046e7c9cb459  
corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d19fab3b9b57c4f9c9e4fe6aebd6ea81  
x86_64/corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.x86_64.rpm
 587dc00b22b6fd4e9b17f5bdb26457f6  
x86_64/corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.x86_64.rpm
 1d44d1c54e69049966b222ada486e633  
x86_64/corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.x86_64.rpm
 8d3e996da39619613de0046e7c9cb459  
x86_64/corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm

 Corporate 3.0:
 9d67bcb3d6485a0ffb243f9ed23cda22  
corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.i586.rpm
 f9283b89d96efbbb8f2ce98abe00c563  
corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.i586.rpm
 4c170dbe398c93923d2a106dc6275c2e  
corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.i586.rpm
 f7c51eab215fe7c2e46baf154c315d26  
corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6e40e50873f3ca1b49d948e1a3be052a  
x86_64/corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.x86_64.rpm
 77d83cddcb9d2daf4b04a8ce09da90b7  
x86_64/corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.x86_64.rpm
 a90e50cc1bbec81fbc8949ef5da5b87f  
x86_64/corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.x86_64.rpm
 f7c51eab215fe7c2e46baf154c315d26  
x86_64/corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC6bQymqjQ0CJFipgRAmfLAJwKvk84UihIhXCD1wdz9nm+CpBwLACfWhfT
sYLrf/Af0isUirXO73e/Ygg=
=paDW
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] MDKSA-2005:126 - Updated fetchmail packages fix vulnerability, Mandriva Security Team <=
Previous by Date:  Re: [Full-disclosure] Defeating Microsoft WGA Validation Check, Scott Edwards
Next by Date:  [Full-disclosure] MDKSA-2005:127 - Updated mozilla-thunderbird packages fix multiple vulnerabilities, Mandriva Security Team
Previous by Thread:  [Full-disclosure] nProtect solutions arbitrary file download and execute vulnerability, Park Gyutae
Next by Thread:  [Full-disclosure] MDKSA-2005:127 - Updated mozilla-thunderbird packages fix multiple vulnerabilities, Mandriva Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]