Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-179.NASL
HistorySep 14, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)

2007-09-1400:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
15
JSON

A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service.

Updated packages have been patched to prevent these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:179. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(26046);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-4565");
  script_xref(name:"MDKSA", value:"2007:179");

  script_name(english:"Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability in fetchmail was found where it could crash when
attempting to deliver an internal warning or error message through an
untrusted or compromised SMTP server, leading to a denial of service.

Updated packages have been patched to prevent these issues."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fetchmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fetchmail-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fetchmailconf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"fetchmail-6.3.4-3.3mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"fetchmail-daemon-6.3.4-3.3mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"fetchmailconf-6.3.4-3.3mdv2007.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2007.1", reference:"fetchmail-6.3.6-1.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"fetchmail-daemon-6.3.6-1.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"fetchmailconf-6.3.6-1.2mdv2007.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxfetchmailp-cpe:/a:mandriva:linux:fetchmail
mandrivalinuxfetchmail-daemonp-cpe:/a:mandriva:linux:fetchmail-daemon
mandrivalinuxfetchmailconfp-cpe:/a:mandriva:linux:fetchmailconf
mandrivalinux2007cpe:/o:mandriva:linux:2007
mandrivalinux2007.1cpe:/o:mandriva:linux:2007.1

Related

prion 1
openvas 31
freebsd 1
ubuntucve 1
nessus 13
debian 2
securityvulns 4
altlinux 4
fedora 2
osv 1
cve 1
veracode 1
seebug 1
debiancve 1
ubuntu 1
oraclelinux 1
redhat 1
centos 1
prion
prion
Design/Logic Flaw
2007-08-28 01:17:00
openvas
openvas
Debian Security Advisory DSA 1377-1 (fetchmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 1377-1 (fetchmail)
2008-01-17 00:00:00
SLES10: Security update for fetchmail
2009-10-13 00:00:00
freebsd
freebsd
fetchmail -- denial of service on reject of local warning message
2007-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2007-4565
2007-08-28 00:00:00
nessus
nessus
SuSE 10 Security Update : fetchmail (ZYPP Patch Number 4462)
2007-12-13 00:00:00
openSUSE 10 Security Update : fetchmail (fetchmail-4490)
2007-10-25 00:00:00
Fedora Core 6 : fetchmail-6.3.6-3.fc6 (2007-689)
2007-09-05 00:00:00
debian
debian
[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service
2007-09-21 16:43:46
[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service
2007-09-21 11:28:16
securityvulns
securityvulns
Fetchmail mail delivery DoS
2007-09-06 00:00:00
fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565)
2008-06-17 00:00:00
rPSA-2007-0178-1 fetchmail
2007-09-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package fetchmail version 6.3.8-alt4
2007-09-05 00:00:00
Security fix for the ALT Linux 5 package fetchmail version 6.3.8-alt4
2007-09-05 00:00:00
Security fix for the ALT Linux 6 package fetchmail version 6.3.9-alt1
2008-12-01 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: fetchmail-6.3.7-2.fc7
2007-09-04 22:10:40
[SECURITY] Fedora Core 6 Update: fetchmail-6.3.6-3.fc6
2007-09-04 21:26:32
osv
osv
fetchmail - null pointer dereference
2007-09-21 00:00:00
cve
cve
CVE-2007-4565
2007-08-28 01:17:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:36:11
seebug
seebug
Fetchmailζ— ζ•ˆθ­¦ε‘ŠζΆˆζ―ζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-09-06 00:00:00
debiancve
debiancve
CVE-2007-4565
2007-08-28 01:17:00
ubuntu
ubuntu
fetchmail vulnerabilities
2007-09-26 00:00:00
oraclelinux
oraclelinux
fetchmail security update
2009-09-09 00:00:00
redhat
redhat
(RHSA-2009:1427) Moderate: fetchmail security update
2009-09-08 00:00:00
centos
centos
fetchmail security update
2009-09-08 17:07:54
JSON
Related for MANDRAKE_MDKSA-2007-179.NASL
prion1openvas31freebsd1ubuntucve1nessus13debian2securityvulns4altlinux4fedora2osv1cve1veracode1seebug1debiancve1ubuntu1oraclelinux1redhat1centos1