Rapid7 Vulnerability & Exploit Database

RHSA-2001:103: Updated fetchmail packages available

Back to Search

RHSA-2001:103: Updated fetchmail packages available

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

08/31/2001

Created

07/25/2018

Added

10/28/2005

Modified

07/04/2017

Description

Updated fetchmail packages are now available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages close a remotely-exploitable vulnerability in fetchmail.

Fetchmail versions up to 5.8.9 are susceptible to remote attacks from malicious servers. When fetchmail attempts to create an index of messages in the remote mailbox being polled, it uses index numbers sent by the server as an index into an internal array. If a server sends fetchmail a negative number, fetchmail will attempt to write data outside the bounds of the array.

Solution(s)

redhat-upgrade-fetchmail
redhat-upgrade-fetchmailconf

References

https://attackerkb.com/topics/cve-2001-0819
2877
3164
3166
CSSA-2001-022.1
CLA-2001:403
CLA-2001:419
CVE - 2001-0819
CVE - 2001-1009
CVE - 2001-1378
DSA-060
DSA-071
MDKSA-2001:063
MDKSA-2001:072
RHSA-2001:103
SuSE-SA:2001:026
6704
6965

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

RHSA-2001:103: Updated fetchmail packages available