Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-520-1.NASL
HistoryNov 10, 2007 - 12:00 a.m.

Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)

2007-11-1000:00:00
Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user’s authentication credentials. (CVE-2007-1558)

Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service. (CVE-2007-4565).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-520-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(28125);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2007-1558", "CVE-2007-4565");
  script_xref(name:"USN", value:"520-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Gaetan Leurent discovered a vulnerability in the APOP protocol based
on MD5 collisions. As fetchmail supports the APOP protocol, this
vulnerability can be used by attackers to discover a portion of the
APOP user's authentication credentials. (CVE-2007-1558)

Earl Chew discovered that fetchmail can be made to de-reference a NULL
pointer when contacting SMTP servers. This vulnerability can be used
by attackers who control the SMTP server to crash fetchmail and cause
a denial of service. (CVE-2007-4565).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/520-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected fetchmail and / or fetchmailconf packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fetchmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fetchmailconf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"fetchmail", pkgver:"6.3.2-2ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"fetchmailconf", pkgver:"6.3.2-2ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"fetchmail", pkgver:"6.3.4-1ubuntu4.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"fetchmailconf", pkgver:"6.3.4-1ubuntu4.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"fetchmail", pkgver:"6.3.6-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"fetchmailconf", pkgver:"6.3.6-1ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fetchmail / fetchmailconf");
}
VendorProductVersionCPE
canonicalubuntu_linuxfetchmailp-cpe:/a:canonical:ubuntu_linux:fetchmail
canonicalubuntu_linuxfetchmailconfp-cpe:/a:canonical:ubuntu_linux:fetchmailconf
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
canonicalubuntu_linux6.10cpe:/o:canonical:ubuntu_linux:6.10
canonicalubuntu_linux7.04cpe:/o:canonical:ubuntu_linux:7.04

Related

ubuntu 2
openvas 74
nessus 59
redhat 7
veracode 2
altlinux 5
debiancve 2
freebsd 3
jvn 1
fedora 9
oraclelinux 7
ubuntucve 2
prion 2
centos 8
mozilla 1
cve 2
securityvulns 5
debian 4
osv 3
seebug 1
ubuntu
ubuntu
fetchmail vulnerabilities
2007-09-26 00:00:00
Thunderbird vulnerabilities
2007-06-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-520-1)
2009-03-23 00:00:00
Ubuntu Update for fetchmail vulnerabilities USN-520-1
2009-03-23 00:00:00
FreeBSD Ports: claws-mail
2008-09-04 00:00:00
nessus
nessus
RHEL 5 : evolution-data-server (RHSA-2007:0344)
2007-06-01 00:00:00
openSUSE 10 Security Update : mutt (mutt-3751)
2007-10-17 00:00:00
CentOS 3 / 4 : evolution (CESA-2007:0353)
2007-05-20 00:00:00
redhat
redhat
(RHSA-2007:0344) Moderate: evolution-data-server security update
2007-05-30 00:00:00
(RHSA-2007:0353) Moderate: evolution security update
2007-05-17 00:00:00
(RHSA-2007:0385) Moderate: fetchmail security update
2007-06-07 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:14:27
Denial Of Service (DoS)
2020-04-10 00:36:11
altlinux
altlinux
Security fix for the ALT Linux 6 package fetchmail version 6.3.8-alt1
2007-04-07 00:00:00
Security fix for the ALT Linux 6 package fetchmail version 6.3.8-alt4
2007-09-05 00:00:00
Security fix for the ALT Linux 5 package fetchmail version 6.3.8-alt4
2007-09-05 00:00:00
debiancve
debiancve
CVE-2007-1558
2007-04-16 22:19:00
CVE-2007-4565
2007-08-28 01:17:00
freebsd
freebsd
claws-mail -- APOP vulnerability
2007-04-02 00:00:00
fetchmail -- insecure APOP authentication
2007-04-06 00:00:00
fetchmail -- denial of service on reject of local warning message
2007-07-29 00:00:00
jvn
jvn
JVN#19445002 APOP password recovery vulnerability
2007-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: balsa-2.3.17-2.fc7
2007-08-06 17:58:24
[SECURITY] Fedora 7 Update: fetchmail-6.3.7-2.fc7
2007-09-04 22:10:40
[SECURITY] Fedora Core 6 Update: fetchmail-6.3.6-3.fc6
2007-09-04 21:26:32
oraclelinux
oraclelinux
Moderate: evolution-data-server security update
2007-06-26 00:00:00
Moderate: fetchmail security update
2007-06-07 00:00:00
Moderate: evolution security update
2007-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2007-1558
2007-04-16 00:00:00
CVE-2007-4565
2007-08-28 00:00:00
prion
prion
Code injection
2007-04-16 22:19:00
Design/Logic Flaw
2007-08-28 01:17:00
centos
centos
evolution security update
2007-05-31 10:11:00
evolution security update
2007-05-17 16:27:09
fetchmail security update
2007-06-07 09:31:34
mozilla
mozilla
Security Vulnerability in APOP Authentication β€” Mozilla
2007-05-30 00:00:00
cve
cve
CVE-2007-1558
2007-04-16 22:19:00
CVE-2007-4565
2007-08-28 01:17:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-15
2007-06-01 00:00:00
Fetchmail mail delivery DoS
2007-09-06 00:00:00
fetchmail security announcement fetchmail-SA-2007-02 &#40;CVE-2007-4565&#41;
2008-06-17 00:00:00
debian
debian
[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service
2007-09-21 16:43:46
[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service
2007-09-21 11:28:16
[SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities
2007-06-13 17:34:11
osv
osv
fetchmail - null pointer dereference
2007-09-21 00:00:00
icedove - several vulnerabilities
2007-06-13 00:00:00
iceape
2007-06-07 00:00:00
seebug
seebug
Fetchmailζ— ζ•ˆθ­¦ε‘ŠζΆˆζ―ζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-09-06 00:00:00
JSON
Related for UBUNTU_USN-520-1.NASL
ubuntu2openvas74nessus59redhat7veracode2altlinux5debiancve2freebsd3jvn1fedora9oraclelinux7ubuntucve2prion2centos8mozilla1cve2securityvulns5debian4osv3seebug1