Vulnerability Details
Eric S. Raymond Fetchmail Multidrop Mode Remote Denial of Service Vulnerability
- CNNVD ID: CNNVD-200210-247
- Severity: Medium
- CVE ID: CVE-2002-1175
- Vulnerability type: Input validation
- Published: 2002-10-11
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: fetchmail
- Vulnerability source: Stefan Esser (s.es…)
Vulnerability Description
Fetchmail is a free, open-source mail client maintained by Eric S. Raymond.
The code that parses mail headers when Fetchmail runs in multidrop mode has a flaw; a remote attacker can exploit it to mount a denial-of-service attack.
When Fetchmail runs in multidrop mode, the getmxrecord() function lacks proper bounds checking, which can allow a remote attacker to crash Fetchmail. To exploit this, the attacker must be able to deliver a forged, oversized DNS packet to the target user, either by spoofing replies from the DNS server the target uses or by causing the target to query an MX record on a DNS server under the attacker's control. When Fetchmail receives such a packet, it crashes while reading the data from the stack.
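As an added illustration of the kind of check the description says getmxrecord() lacked, the C code below is a bounds-checked reader for the RDATA of a DNS MX answer. It is example code written for this page, not Fetchmail's getmxrecord() or any code from the advisory; the function name read_mx_rdata, the MX_NAME_MAX constant and the sample packet bytes are constructed assumptions. Every read is validated against the packet length and every write against the output buffer size, so a truncated packet, a label that claims more octets than the packet holds, or a name longer than the destination buffer is rejected instead of being read or copied past a bound.

```c
/* Added example (not fetchmail's code): a bounds-checked reader for the
 * RDATA of a DNS MX answer.  Names, layout and sample bytes are constructed
 * for illustration and do not reproduce getmxrecord(). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MX_NAME_MAX 256   /* RFC 1035 caps a domain name at 255 octets */

/* Parse an MX RDATA block starting at pkt[off]:
 *   2 octets preference (big-endian) followed by a label-encoded name.
 * Returns the number of RDATA octets consumed, or -1 on any error.
 * Compression pointers (top two bits of a label length set) are rejected
 * here to keep the example short; a full parser would follow them with
 * the same bounds checks and a loop guard. */
long read_mx_rdata(const unsigned char *pkt, size_t pkt_len, size_t off,
                   unsigned *pref, char *out, size_t out_len)
{
    size_t pos = off, out_pos = 0;

    if (pkt == NULL || pref == NULL || out == NULL || out_len == 0) return -1;
    if (pos + 2 > pkt_len) return -1;              /* preference truncated */
    *pref = ((unsigned)pkt[pos] << 8) | pkt[pos + 1];
    pos += 2;

    for (;;) {
        if (pos >= pkt_len) return -1;             /* ran off the packet */
        unsigned char len = pkt[pos++];
        if (len == 0) break;                       /* root label: end of name */
        if ((len & 0xC0) != 0) return -1;          /* pointer or invalid length (>63) */
        if (pos + len > pkt_len) return -1;        /* label claims more than the packet has */
        /* room needed: separator dot (if not the first label), label, NUL */
        size_t need = (out_pos ? 1 : 0) + len + 1;
        if (out_pos + need > out_len) return -1;   /* output buffer would overflow */
        if (out_pos) out[out_pos++] = '.';
        memcpy(out + out_pos, pkt + pos, len);
        out_pos += len;
        pos += len;
    }
    out[out_pos] = '\0';
    return (long)(pos - off);
}

/* Constructed sample RDATA: preference 10, name "mail.example.com" (20 octets). */
static const unsigned char SAMPLE_MX[] = {
    0x00, 0x0A,
    4, 'm', 'a', 'i', 'l',
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    3, 'c', 'o', 'm',
    0
};

/* Well-formed input: fills pref and out, returns 20. */
long parse_sample(unsigned *pref, char *out, size_t out_len)
{
    return read_mx_rdata(SAMPLE_MX, sizeof SAMPLE_MX, 0, pref, out, out_len);
}

/* Same bytes, but the packet is declared to end after 10 octets: returns -1. */
long parse_truncated(void)
{
    unsigned pref;
    char out[MX_NAME_MAX];
    return read_mx_rdata(SAMPLE_MX, 10, 0, &pref, out, sizeof out);
}

/* Constructed label that claims 60 octets while only 3 follow: returns -1. */
long parse_bogus_label(void)
{
    static const unsigned char bad[] = { 0x00, 0x05, 60, 'a', 'b', 'c' };
    unsigned pref;
    char out[MX_NAME_MAX];
    return read_mx_rdata(bad, sizeof bad, 0, &pref, out, sizeof out);
}

int main(void)
{
    unsigned pref = 0;
    char name[MX_NAME_MAX];
    long used = parse_sample(&pref, name, sizeof name);
    printf("consumed=%ld pref=%u name=%s\n", used, pref, name);
    printf("truncated=%ld bogus_label=%ld small_buffer=%ld\n",
           parse_truncated(), parse_bogus_label(),
           parse_sample(&pref, name, 8));
    return 0;
}
```

The three negative cases are the ones an oversized or malformed DNS reply exercises: the caller learns only that the record was rejected, and no read or write ever leaves the bounds it was given.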
Vulnerability Advisory
Vendor patches:
Conectiva
———
Conectiva has released security advisory CLA-2002:531 and a corresponding patch:
CLA-2002:531: fetchmail
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Patch downloads:
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-5.9.12-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmailconf-5.9.12-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-doc-5.9.12-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/fetchmail-5.9.12-1U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-5.9.12-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmailconf-5.9.12-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-doc-5.9.12-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fetchmail-5.9.12-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/fetchmail-5.9.12-1U80_2cl.src.rpm
Users of Conectiva Linux 6.0 and later can update the RPM packages with apt:
– Add the following line to /etc/apt/sources.list:
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(if you are not running version 6.0, replace 6.0 above with the appropriate version number)
– Run: apt-get update
– After the update, run: apt-get upgrade
Debian
——
Debian has released security advisory DSA-171-1 and corresponding patches:
DSA-171-1: New fetchmail packages fix buffer overflows
Link: http://www.debian.org/security/2002/dsa-171
Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.dsc
Size/MD5 checksum: 566 86a1178baa3487e805a33355ad3ae9ca
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.diff.gz
Size/MD5 checksum: 27775 0333f3e025e4b37abee2a64491f38eea
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz
Size/MD5 checksum: 755731 d2cffc4594ec2d36db6681b800f25e2a
Architecture independent components:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.2_all.deb
Size/MD5 checksum: 63276 0b4940f3a569415e7c28dd96c38320cb
Alpha architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_alpha.deb
Size/MD5 checksum: 371634 1baca38aca2bf43437d56e10ed88a862
ARM architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_arm.deb
Size/MD5 checksum: 349456 44de8a9abf92435bbf5b964f3acc0fa6
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_i386.deb
Size/MD5 checksum: 319508 a6574ad75f79694b96f51b9773be623b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_m68k.deb
Size/MD5 checksum: 315662 cfce75c2bf709837dfbc3dc6708abd81
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_powerpc.deb
Size/MD5 checksum: 350250 8129d3f2ce8d0c0bd2403266b48a6bde
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_sparc.deb
Size/MD5 checksum: 350714 2c12d41c04324b5df87238d46f80cb76
Debian GNU/Linux 3.0 alias woody
– ——————————–
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.dsc
Size/MD5 checksum: 712 f10e451766beab56196f34798c7ba9db
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.diff.gz
Size/MD5 checksum: 300108 b9fa639e6a9582ac96d7ec4a495b0a3c
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.dsc
Size/MD5 checksum: 707 43775de628a7fc825041f699c59a9578
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.diff.gz
Size/MD5 checksum: 296194 e1e0e64a296b6f0454298fc1dedf808d
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz
Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
Architecture independent components:
References
Source: MANDRAKE
Name: MDKSA-2002:063
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
Source: BID
Name: 5826
Link: http://www.securityfocus.com/bid/5826
Source: ENGARDE
Name: ESA-20021003-023
Link: http://www.linuxsecurity.com/advisories/other_advisory-2402.html
Source: XF
Name: fetchmail-multidrop-bo(10203)
Link: http://www.iss.net/security_center/static/10203.php
Source: DEBIAN
Name: DSA-171
Link: http://www.debian.org/security/2002/dsa-171
Source: REDHAT
Name: RHSA-2002:215
Link: http://rhn.redhat.com/errata/RHSA-2002-215.html
Source: BUGTRAQ
Name: 20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Source: CONECTIVA
Name: CLA-2002:531
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531