Fetchmail POP3证书索引签名回复漏洞

漏洞信息详情

Fetchmail POP3证书索引签名回复漏洞

• CNNVD编号：CNNVD-200108-156
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2001-1009
  
• 漏洞类型：
  
  
  权限许可和访问控制
  
• 发布时间：
  
  2001-08-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  fetchmail
• 漏洞来源：
  Discovered by Salv…

Fetchmail(也称为fetchmail-ssl) 5.8.17之前的版本存在漏洞。远程恶意（1）IMAP服务器，或（2）POP/POP3服务器可以借助负索引号作为LIST请求的部分响应覆盖任意内存，并且可能可以获取权限。

A fixed version has been made available.
Various vendors have also released fixed packages:
Eric Raymond Fetchmail 5.3.8

• MandrakeSoft 1.0.1 i386 fetchmail-5.3.8-4.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/1.0.1/RPMS
  /fetchmail-5.3.8-4.2mdk.i586.rpm
• MandrakeSoft 1.0.1 i386 fetchmailconf-5.3.8-4.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/1.0.1/RPMS
  /fetchmailconf-5.3.8-4.2mdk.i586.rpm
• MandrakeSoft 7.1 i386 fetchmail-5.3.8-4.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.1/RPMS/f
  etchmail-5.3.8-4.2mdk.i586.rpm
• MandrakeSoft 7.1 i386 fetchmailconf-5.3.8-4.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.1/RPMS/f
  etchmailconf-5.3.8-4.2mdk.i586.rpm

Eric Raymond Fetchmail 5.4 .0

• EnGarde Secure Linux 1.0.1 i686 fetchmail-ssl-5.8.17-1.0.3.i686.rpm
  
  http://ftp.engardelinux.org/pub/engarde/stable/updates/i686/fetchmail-
  ssl-5.8.17-1.0.3.i686.rpm

Eric Raymond Fetchmail 5.5.2

• MandrakeSoft 7.2 i386 fetchmail-5.5.2-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f
  etchmail-5.5.2-5.2mdk.i586.rpm
• MandrakeSoft 7.2 i386 fetchmail-daemon-5.5.2-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f
  etchmail-daemon-5.5.2-5.2mdk.i586.rpm
• MandrakeSoft 7.2 i386 fetchmailconf-5.5.2-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/7.2/RPMS/f
  etchmailconf-5.5.2-5.2mdk.i586.rpm

Eric Raymond Fetchmail 5.7.4

• MandrakeSoft 8.0 i386 fetchmail-5.7.4-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f
  etchmail-5.7.4-5.2mdk.i586.rpm
• MandrakeSoft 8.0 i386 fetchmail-daemon-5.7.4-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f
  etchmail-daemon-5.7.4-5.2mdk.i586.rpm
• MandrakeSoft 8.0 i386 fetchmailconf-5.7.4-5.2mdk.i586.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/8.0/RPMS/f
  etchmailconf-5.7.4-5.2mdk.i586.rpm
• MandrakeSoft 8.0 ppc fetchmail-5.7.4-5.2mdk.ppc.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP
  MS/fetchmail-5.7.4-5.2mdk.ppc.rpm
• MandrakeSoft 8.0 ppc fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP
  MS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
• MandrakeSoft 8.0 ppc fetchmailconf-5.7.4-5.2mdk.ppc.rpm
  ftp://ftp.cadvision.com/pub/linux/Mandrake/Mandrake/updates/ppc/8.0/RP
  MS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm

Eric Raymond Fetchmail 5.8 .0

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.1

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.10

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.11

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.12

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.13

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.14

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.15

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.16

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.2

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.3

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.4

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.5

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

Eric Raymond Fetchmail 5.8.6

• Eric Raymond Fetchmail 5.8.17
  
  http://tuxedo.org/~esr/fetchmail/fetchmail-5.8.17.tar.gz

来源: BID
名称: 3166
链接:http://www.securityfocus.com/bid/3166

来源: BID
名称: 3164
链接:http://www.securityfocus.com/bid/3164

来源: REDHAT
名称: RHSA-2001:103
链接:http://www.redhat.com/support/errata/RHSA-2001-103.html

来源: ENGARDE
名称: ESA-20010816-01
链接:http://www.linuxsecurity.com/advisories/other_advisory-1555.html

来源: BUGTRAQ
名称: 20010809 Fetchmail security advisory
链接:http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html

来源: SUSE
名称: SuSE-SA:2001:026
链接:http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html

来源: MANDRAKE
名称: MDKSA-2001:072
链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3

来源: XF
名称: fetchmail-signed-integer-index(6965)
链接:http://www.iss.net/security_center/static/6965.php

来源: DEBIAN
名称: DSA-071
链接:http://www.debian.org/security/2001/dsa-071

来源: CONECTIVA
名称: CLA-2001:419
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419