klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
 Posted: Tue Oct 01, 2002 1:47 pm Post subject: [gentoo-announce] GLSA: fetchmail |
 |
|
| Daniel Ahlberg wrote: | - - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------
PACKAGE :fetchmail
SUMMARY :remote vulnerabilities
DATE :2002-10-01 09:30 UTC
- - --------------------------------------------------------------------
OVERVIEW
Stefan Esser from e-matters has discovered several buffer overflows and a broken boundary check within Fetchmail.
DETAIL
If Fetchmail is running in multidrop mode these flaws can be used by remote attackers to crash it or to execute arbitrary code with the permissions of the user running fetchmail. Depending on the configuration this allows a remote root compromise.
Read the full advisory at
http://security.e-matters.de/advisories/032002.html
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/fetchmai-0.59.14 and earlier update their systems as follows:
emerge rsync
emerge fetchmail
emerge clean |
Mailing List Archives: http://lists.gentoo.org/pipermail/gentoo-announce/2002-October/000209.html
--kurt
_________________
The problem with political jokes is that they get elected |
|
News & Announcements
