CVE-2002-1174
CVSS 7.5
Published: 2002-10-11 00:00:00
Last revised: 2016-10-17 22:24:21

[Original] Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.


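[CNNVD] Eric S. Raymond Fetchmail Multidrop Mode Email Header Parsing Heap Buffer Overflow Vulnerability (CNNVD-200210-261)

        Fetchmail is a free, open-source mail client maintained by Eric S. Raymond.
        The code that parses mail headers when Fetchmail runs in multidrop mode is flawed. A remote attacker can exploit this vulnerability to trigger a heap-based buffer overflow and possibly execute arbitrary instructions on the system as the Fetchmail process.
        When running in multidrop mode, Fetchmail uses the parse_received() function to parse the "Received:" header of a message. This function copies the "Received:" data into a heap-based buffer without any size check, so specially crafted "Received:" header data can overwrite an arbitrary number of bytes of the heap buffer. Carefully crafted "Received:" header data can overwrite arbitrary addresses in the heap, and through the free()/realloc() functions this can lead to the execution of arbitrary instructions on the system with the privileges of the Fetchmail process.
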

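- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)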

cpe:/a:fetchmail:fetchmail:5.8.6 Fetchmail 5.8.6
cpe:/a:fetchmail:fetchmail:5.8.5 Fetchmail 5.8.5
cpe:/a:fetchmail:fetchmail:5.8.4 Fetchmail 5.8.4
cpe:/a:fetchmail:fetchmail:5.8.3 Fetchmail 5.8.3
cpe:/a:fetchmail:fetchmail:5.8.11 Fetchmail 5.8.11
cpe:/a:fetchmail:fetchmail:5.8.2 Fetchmail 5.8.2
cpe:/a:fetchmail:fetchmail:5.2.8 Fetchmail 5.2.8
cpe:/a:fetchmail:fetchmail:5.8.1 Fetchmail 5.8.1
cpe:/a:fetchmail:fetchmail:5.4.5 Fetchmail 5.4.5
cpe:/a:fetchmail:fetchmail:5.2.7 Fetchmail 5.2.7
cpe:/a:fetchmail:fetchmail:5.4.4 Fetchmail 5.4.4
cpe:/a:fetchmail:fetchmail:5.0.8 Fetchmail 5.0.8
cpe:/a:fetchmail:fetchmail:5.4.3 Fetchmail 5.4.3
cpe:/a:fetchmail:fetchmail:5.0.7 Fetchmail 5.0.7
cpe:/a:fetchmail:fetchmail:4.6.7 Fetchmail 4.6.7
cpe:/a:fetchmail:fetchmail:4.6.6 Fetchmail 4.6.6
cpe:/a:fetchmail:fetchmail:4.6.9 Fetchmail 4.6.9
cpe:/a:fetchmail:fetchmail:4.6.8 Fetchmail 4.6.8
cpe:/a:fetchmail:fetchmail:5.1.0 Fetchmail 5.1.0
cpe:/a:fetchmail:fetchmail:4.6.3 Fetchmail 4.6.3
cpe:/a:fetchmail:fetchmail:4.6.2 Fetchmail 4.6.2
cpe:/a:fetchmail:fetchmail:4.6.5 Fetchmail 4.6.5
cpe:/a:fetchmail:fetchmail:4.6.4 Fetchmail 4.6.4
cpe:/a:fetchmail:fetchmail:5.8 Fetchmail 5.8
cpe:/a:fetchmail:fetchmail:5.6.0 Fetchmail 5.6.0
cpe:/a:fetchmail:fetchmail:5.2.4 Fetchmail 5.2.4
cpe:/a:fetchmail:fetchmail:5.0.6 Fetchmail 5.0.6
cpe:/a:fetchmail:fetchmail:5.2.3 Fetchmail 5.2.3
cpe:/a:fetchmail:fetchmail:5.0.5 Fetchmail 5.0.5
cpe:/a:fetchmail:fetchmail:5.0.4 Fetchmail 5.0.4
cpe:/a:fetchmail:fetchmail:5.4.0 Fetchmail 5.4.0
cpe:/a:fetchmail:fetchmail:5.2.1 Fetchmail 5.2.1
cpe:/a:fetchmail:fetchmail:5.0.3 Fetchmail 5.0.3
cpe:/a:fetchmail:fetchmail:4.6.1 Fetchmail 4.6.1
cpe:/a:fetchmail:fetchmail:4.6.0 Fetchmail 4.6.0
cpe:/a:fetchmail:fetchmail:5.9.5 Fetchmail 5.9.5
cpe:/a:fetchmail:fetchmail:5.9.4 Fetchmail 5.9.4
cpe:/a:fetchmail:fetchmail:5.5.6 Fetchmail 5.5.6
cpe:/a:fetchmail:fetchmail:5.3.8 Fetchmail 5.3.8
cpe:/a:fetchmail:fetchmail:5.7.4 Fetchmail 5.7.4
cpe:/a:fetchmail:fetchmail:5.9.8 Fetchmail 5.9.8
cpe:/a:fetchmail:fetchmail:5.9.13 Fetchmail 5.9.13
cpe:/a:fetchmail:fetchmail:5.5.5 Fetchmail 5.5.5
cpe:/a:fetchmail:fetchmail:5.7.2 Fetchmail 5.7.2
cpe:/a:fetchmail:fetchmail:5.9.0 Fetchmail 5.9.0
cpe:/a:fetchmail:fetchmail:5.5.3 Fetchmail 5.5.3
cpe:/a:fetchmail:fetchmail:5.7.0 Fetchmail 5.7.0
cpe:/a:fetchmail:fetchmail:5.5.2 Fetchmail 5.5.2
cpe:/a:fetchmail:fetchmail:4.7.6 Fetchmail 4.7.6
cpe:/a:fetchmail:fetchmail:4.5.8 Fetchmail 4.5.8
cpe:/a:fetchmail:fetchmail:4.7.5 Fetchmail 4.7.5
cpe:/a:fetchmail:fetchmail:4.5.7 Fetchmail 4.5.7
cpe:/a:fetchmail:fetchmail:4.7.7 Fetchmail 4.7.7
cpe:/a:fetchmail:fetchmail:5.2.0 Fetchmail 5.2.0
cpe:/a:fetchmail:fetchmail:5.0.2 Fetchmail 5.0.2
cpe:/a:fetchmail:fetchmail:5.0.1 Fetchmail 5.0.1
cpe:/a:fetchmail:fetchmail:5.0.0 Fetchmail 5.0.0
cpe:/a:fetchmail:fetchmail:4.7.2 Fetchmail 4.7.2
cpe:/a:fetchmail:fetchmail:4.5.4 Fetchmail 4.5.4
cpe:/a:fetchmail:fetchmail:4.7.1 Fetchmail 4.7.1
cpe:/a:fetchmail:fetchmail:4.5.3 Fetchmail 4.5.3
cpe:/a:fetchmail:fetchmail:4.7.4 Fetchmail 4.7.4
cpe:/a:fetchmail:fetchmail:4.5.6 Fetchmail 4.5.6
cpe:/a:fetchmail:fetchmail:4.7.3 Fetchmail 4.7.3
cpe:/a:fetchmail:fetchmail:4.5.5 Fetchmail 4.5.5
cpe:/a:fetchmail:fetchmail:5.8.17 Fetchmail 5.8.17
cpe:/a:fetchmail:fetchmail:6.0.0 Fetchmail 6.0.0
cpe:/a:fetchmail:fetchmail:5.3.3 Fetchmail 5.3.3
cpe:/a:fetchmail:fetchmail:5.9.10 Fetchmail 5.9.10
cpe:/a:fetchmail:fetchmail:5.5.0 Fetchmail 5.5.0
cpe:/a:fetchmail:fetchmail:5.1.4 Fetchmail 5.1.4
cpe:/a:fetchmail:fetchmail:5.9.11 Fetchmail 5.9.11
cpe:/a:fetchmail:fetchmail:5.3.1 Fetchmail 5.3.1
cpe:/a:fetchmail:fetchmail:5.3.0 Fetchmail 5.3.0
cpe:/a:fetchmail:fetchmail:5.8.13 Fetchmail 5.8.13
cpe:/a:fetchmail:fetchmail:5.8.14 Fetchmail 5.8.14
cpe:/a:fetchmail:fetchmail:4.7.0 Fetchmail 4.7.0
cpe:/a:fetchmail:fetchmail:4.5.2 Fetchmail 4.5.2
cpe:/a:fetchmail:fetchmail:4.5.1 Fetchmail 4.5.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1174
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1174
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-261
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
(UNKNOWN)  CONECTIVA  CLA-2002:531
http://marc.info/?l=bugtraq&m=103340148625187&w=2
(UNKNOWN)  BUGTRAQ  20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
http://rhn.redhat.com/errata/RHSA-2002-215.html
(UNKNOWN)  REDHAT  RHSA-2002:215
http://www.debian.org/security/2002/dsa-171
(VENDOR_ADVISORY)  DEBIAN  DSA-171
http://www.iss.net/security_center/static/10203.php
(VENDOR_ADVISORY)  XF  fetchmail-multidrop-bo(10203)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2002:063
http://www.linuxsecurity.com/advisories/other_advisory-2402.html
(UNKNOWN)  ENGARDE  ESA-20021003-023
http://www.securityfocus.com/bid/5825
(UNKNOWN)  BID  5825
http://www.securityfocus.com/bid/5827
(UNKNOWN)  BID  5827

- Vulnerability information

Eric S. Raymond Fetchmail Multidrop Mode Email Header Parsing Heap Buffer Overflow Vulnerability
High risk  Boundary condition error
2002-10-11 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:531) and corresponding patches for this issue:
        CLA-2002:531: fetchmail
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531

        Patch downloads:
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-5.9.12-1U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmailconf-5.9.12-1U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-doc-5.9.12-1U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/fetchmail-5.9.12-1U60_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-5.9.12-1U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmailconf-5.9.12-1U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-doc-5.9.12-1U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fetchmail-5.9.12-1U70_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/fetchmail-5.9.12-1U80_2cl.src.rpm
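        Users of Conectiva Linux version 6.0 and above can use apt to update the RPM packages:
        - Add the following line to the /etc/apt/sources.list file:
        
        rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
        (If you are not using version 6.0, replace the 6.0 above with the appropriate version number)
        - Run: apt-get update
        - After updating, run: apt-get upgrade
        Debian
        ------
        Debian has released a security advisory (DSA-171-1) and corresponding patches for this issue:
        DSA-171-1: New fetchmail packages fix buffer overflows
        Link:
        http://www.debian.org/security/2002/dsa-171

        Patch downloads: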
        Source archives:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.dsc

        Size/MD5 checksum: 566 86a1178baa3487e805a33355ad3ae9ca
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.diff.gz

        Size/MD5 checksum: 27775 0333f3e025e4b37abee2a64491f38eea
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz

        Size/MD5 checksum: 755731 d2cffc4594ec2d36db6681b800f25e2a
        Architecture independent components:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.2_all.deb

        Size/MD5 checksum: 63276 0b4940f3a569415e7c28dd96c38320cb
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_alpha.deb

        Size/MD5 checksum: 371634 1baca38aca2bf43437d56e10ed88a862
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_arm.deb

        Size/MD5 checksum: 349456 44de8a9abf92435bbf5b964f3acc0fa6
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_i386.deb

        Size/MD5 checksum: 319508 a6574ad75f79694b96f51b9773be623b
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_m68k.deb

        Size/MD5 checksum: 315662 cfce75c2bf709837dfbc3dc6708abd81
        PowerPC architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_powerpc.deb

        Size/MD5 checksum: 350250 8129d3f2ce8d0c0bd2403266b48a6bde
        Sun Sparc architecture:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_sparc.deb

        Size/MD5 checksum: 350714 2c12d41c04324b5df87238d46f80cb76
        Debian GNU/Linux 3.0 alias woody
        --------------------------------
        Source archives:
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.dsc

        Size/MD5 checksum: 712 f10e451766beab56196f34798c7ba9db
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.diff.gz

        Size/MD5 checksum: 300108 b9fa639e6a9582ac96d7ec4a495b0a3c
        
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz

        Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
        
        http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.dsc

        Size/MD5 checksum: 707 43775de628a7fc825041f699c59a9578
        
        http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.diff.gz

        Size/MD5 checksum: 296194 e1e0e64a296b6f0454298fc1dedf808d
        
        http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz

        Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
        Architecture independent components:
        

- Vulnerability information

4603
Fetchmail parse_received Command Execution Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-09-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Eric S. Raymond Fetchmail Multidrop Mode Email Header Parsing Heap Overflow Vulnerability
Boundary Condition Error 5827
Yes No
2002-09-30 12:00:00 2009-07-11 05:06:00
Discovery of this vulnerability credited to Stefan Esser <s.esser@e-matters.de>.

- Affected program versions

Sun Cobalt Qube 3
Sun Cobalt Qube 2
Eric Raymond Fetchmail 6.0 .0
Eric Raymond Fetchmail 5.9.14
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Eric Raymond Fetchmail 5.9.13
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
Eric Raymond Fetchmail 5.9.12
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
Eric Raymond Fetchmail 5.9.11
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Eric Raymond Fetchmail 5.9.10
Eric Raymond Fetchmail 5.9.9
+ HP Secure OS software for Linux 1.0
Eric Raymond Fetchmail 5.9.8
Eric Raymond Fetchmail 5.9.7
Eric Raymond Fetchmail 5.9.6
Eric Raymond Fetchmail 5.9.5
+ OpenPKG OpenPKG 1.0
Eric Raymond Fetchmail 5.9.4
Eric Raymond Fetchmail 5.9.3
Eric Raymond Fetchmail 5.9.2
Eric Raymond Fetchmail 5.9.1
Eric Raymond Fetchmail 5.9 .0
+ Immunix Immunix OS 7+
+ Red Hat Linux 6.2
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Sun Linux 5.0
Eric Raymond Fetchmail 5.8 .0
+ S.u.S.E. Linux 7.2
Eric Raymond Fetchmail 5.7
Eric Raymond Fetchmail 5.6
Eric Raymond Fetchmail 5.5
+ Cobalt Qube 3.0
- Immunix Immunix OS 7.0 beta
- Immunix Immunix OS 7.0
Eric Raymond Fetchmail 5.4 .0
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ EnGarde Secure Linux 1.0.1
- Guardian Digital Engarde Secure Linux 1.0.1
Eric Raymond Fetchmail 5.3.8
Eric Raymond Fetchmail 5.3.7
Eric Raymond Fetchmail 5.3.6
Eric Raymond Fetchmail 5.3.5
Eric Raymond Fetchmail 5.3.4
Eric Raymond Fetchmail 5.3.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
Eric Raymond Fetchmail 5.3.2
Eric Raymond Fetchmail 5.3.1
- Immunix Immunix OS 6.2
Eric Raymond Fetchmail 5.3
Cobalt Qube 2.0
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2
Eric Raymond Fetchmail 6.1 .0
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Apple Mac OS X 10.2.3

- Unaffected program versions

Eric Raymond Fetchmail 6.1 .0
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Apple Mac OS X 10.2.3

- Vulnerability discussion

A remotely exploitable heap overflow vulnerability has been reported for Fetchmail 6.0.0 and earlier. The vulnerability occurs in the function which is used to parse email headers. This vulnerability affects Fetchmail in multidrop mode and will cause Fetchmail to corrupt heap memory with attacker-supplied values.

An attacker may exploit this condition to overwrite arbitrary words in memory. This may allow for the execution of arbitrary code.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Gentoo Linux has released an advisory. It is highly advised that users who have installed net-mail/fetchmai-0.59.14 and earlier update their systems by issuing the following commands:

emerge rsync
emerge fetchmail
emerge clean

Users of EnGarde Secure Linux are advised to upgrade vulnerable systems by installing the RPMs listed in the advisory. Further details can be found in the referenced advisory.

Conectiva has released an advisory. Fixes are available.

Sun has released an advisory. Sun Cobalt Qube 2.0, Qube 3.0 and Sun Linux 5.0 are vulnerable to this issue. Upgrade details are available in Sun Alert 47784.

Apple advises users to upgrade to MacOS X 10.2.3. Upgrades are available for MacOS X 10.2 and 10.2.2. Other versions may also be affected.

The vendor has released Fetchmail 6.1.0 which is not vulnerable to this issue. Users are advised to upgrade to the newest version of Fetchmail:


Sun Cobalt Qube 3

Apple Mac OS X 10.2

Apple Mac OS X 10.2.2

Eric Raymond Fetchmail 5.3.3

Eric Raymond Fetchmail 5.4 .0

Eric Raymond Fetchmail 5.5

Eric Raymond Fetchmail 5.6

Eric Raymond Fetchmail 5.7

Eric Raymond Fetchmail 5.8 .0

Eric Raymond Fetchmail 5.9 .0

Eric Raymond Fetchmail 5.9.10

Eric Raymond Fetchmail 5.9.11

Eric Raymond Fetchmail 5.9.12

Eric Raymond Fetchmail 5.9.6

Eric Raymond Fetchmail 5.9.7

Eric Raymond Fetchmail 5.9.8

Eric Raymond Fetchmail 5.9.9

Eric Raymond Fetchmail 6.0 .0

- Related references

 

 
