79654 2002-10-01 18:10 /50 lines/ Daniel Ahlberg <aliz@gentoo.org>
Imported: 2002-10-01 18:10 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <1724>
Subject: GLSA: fetchmail
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE  :fetchmail
SUMMARY  :remote vulnerabilities
DATE     :2002-10-01 09:30 UTC

- - --------------------------------------------------------------------

OVERVIEW

Stefan Esser from e-matters has discovered several buffer overflows
and a broken boundary check within Fetchmail.

DETAIL

If Fetchmail is running in multidrop mode, these flaws can be used by
remote attackers to crash it or to execute arbitrary code with the
permissions of the user running fetchmail. Depending on the
configuration, this allows a remote root compromise.

Read the full advisory at
http://security.e-matters.de/advisories/032002.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/fetchmail-0.59.14 and earlier update their systems as follows:

    emerge rsync
    emerge fetchmail
    emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9mW3bfT7nyhUpoZMRAj24AJ4v6eTU4W0kFymRqxVhVm+pzLzqvACcCLP0
X1kl66YrBuEJozTTNzpwhAg=
=9mUU
-----END PGP SIGNATURE-----
(79654) /Daniel Ahlberg <aliz@gentoo.org>/ (Reflowed)