fetchmail security update

2009-09-09T00:00:00

Description

[6.3.6-1.1.el5_3.1] - Fix fetchmail various flaws (CVE-2007-4565, CVE-2008-2711, CVE-2009-2666) Resolves: #516269

{"id": "ELSA-2009-1427", "type": "oraclelinux", "bulletinFamily": "unix", "title": "fetchmail security update", "description": "[6.3.6-1.1.el5_3.1]\n- Fix fetchmail various flaws (CVE-2007-4565, CVE-2008-2711, CVE-2009-2666)\n Resolves: #516269", "published": "2009-09-09T00:00:00", "modified": "2009-09-09T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1427.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "immutableFields": [], "lastseen": "2019-05-29T18:37:23", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:1427"]}, {"type": "cve", "idList": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1377-1:F4A0B", "DEBIAN:DSA-1377-2:20B24", "DEBIAN:DSA-1852-1:8C929"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-4565", "DEBIANCVE:CVE-2008-2711", "DEBIANCVE:CVE-2009-2666"]}, {"type": "fedora", "idList": ["FEDORA:4524810F8B4", "FEDORA:D52F410F886", "FEDORA:L84LQWGQ024974", "FEDORA:L84MAGHD029693", "FEDORA:M5SMESRC003240", "FEDORA:M5SMFHKA003295"]}, {"type": "freebsd", "idList": ["168190DF-3E9A-11DD-87BC-000EA69A5213", "1E8E63C0-478A-11DD-A88D-000EA69A5213", "45500F74-5947-11DC-87C1-000E2E5785AD", "5179D85C-8683-11DE-91B9-0022157515B2", "CBFD1874-EFEA-11EB-8FE9-036BD763FF35"]}, {"type": "gentoo", "idList": ["GLSA-201006-12"]}, {"type": "nessus", "idList": ["5227.PRM", "800795.PRM", "CENTOS_RHSA-2009-1427.NASL", "DEBIAN_DSA-1377.NASL", "DEBIAN_DSA-1852.NASL", "FEDORA_2007-1983.NASL", "FEDORA_2007-689.NASL", "FEDORA_2008-5789.NASL", "FEDORA_2008-5800.NASL", "FEDORA_2009-8770.NASL", "FEDORA_2009-8780.NASL", "FREEBSD_PKG_168190DF3E9A11DD87BC000EA69A5213.NASL", "FREEBSD_PKG_1E8E63C0478A11DDA88D000EA69A5213.NASL", "FREEBSD_PKG_45500F74594711DC87C1000E2E5785AD.NASL", "FREEBSD_PKG_5179D85C868311DE91B90022157515B2.NASL", "FREEBSD_PKG_CBFD1874EFEA11EB8FE9036BD763FF35.NASL", "GENTOO_GLSA-201006-12.NASL", "MACOSX_10_6_2.NASL", "MACOSX_SECUPD2009-001.NASL", "MACOSX_SECUPD2009-006.NASL", "MANDRAKE_MDKSA-2007-179.NASL", "MANDRIVA_MDVSA-2008-117.NASL", "MANDRIVA_MDVSA-2009-201.NASL", "ORACLELINUX_ELSA-2009-1427.NASL", "REDHAT-RHSA-2009-1427.NASL", "SLACKWARE_SSA_2008-210-01.NASL", "SLACKWARE_SSA_2009-218-01.NASL", "SL_20090908_FETCHMAIL_ON_SL3_X.NASL", "SUSE9_11814.NASL", "SUSE9_12468.NASL", "SUSE_11_0_FETCHMAIL-090807.NASL", "SUSE_11_1_FETCHMAIL-090807.NASL", "SUSE_11_FETCHMAIL-090807.NASL", "SUSE_FETCHMAIL-4462.NASL", "SUSE_FETCHMAIL-4490.NASL", "SUSE_FETCHMAIL-6409.NASL", "SUSE_FETCHMAIL-6410.NASL", "UBUNTU_USN-520-1.NASL", "UBUNTU_USN-816-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102026", "OPENVAS:102038", "OPENVAS:1361412562310102026", "OPENVAS:1361412562310102038", "OPENVAS:1361412562310122440", "OPENVAS:136141256231061477", "OPENVAS:136141256231064568", "OPENVAS:136141256231064609", "OPENVAS:136141256231064631", "OPENVAS:136141256231064642", "OPENVAS:136141256231064657", "OPENVAS:136141256231064808", "OPENVAS:136141256231064816", "OPENVAS:136141256231064818", "OPENVAS:136141256231064900", "OPENVAS:136141256231065548", "OPENVAS:136141256231065567", "OPENVAS:136141256231065702", "OPENVAS:136141256231065936", "OPENVAS:136141256231065992", "OPENVAS:136141256231066396", "OPENVAS:136141256231069015", "OPENVAS:1361412562310830031", "OPENVAS:1361412562310830610", "OPENVAS:1361412562310880813", "OPENVAS:1361412562310880879", "OPENVAS:1361412562310880936", "OPENVAS:58615", "OPENVAS:58616", "OPENVAS:58808", "OPENVAS:61189", "OPENVAS:61220", "OPENVAS:61477", "OPENVAS:64568", "OPENVAS:64609", "OPENVAS:64631", "OPENVAS:64642", "OPENVAS:64655", "OPENVAS:64657", "OPENVAS:64808", "OPENVAS:64816", "OPENVAS:64818", "OPENVAS:64900", "OPENVAS:65548", "OPENVAS:65567", "OPENVAS:65702", "OPENVAS:65936", "OPENVAS:65992", "OPENVAS:66396", "OPENVAS:69015", "OPENVAS:830031", "OPENVAS:830610", "OPENVAS:840065", "OPENVAS:860438", "OPENVAS:860656", "OPENVAS:861001", "OPENVAS:861535", "OPENVAS:880813", "OPENVAS:880879", "OPENVAS:880936"]}, {"type": "osv", "idList": ["OSV:DSA-1377-2", "OSV:DSA-1852-1"]}, {"type": "redhat", "idList": ["RHSA-2009:1427"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36386"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17944", "SECURITYVULNS:DOC:20057", "SECURITYVULNS:DOC:20058", "SECURITYVULNS:DOC:22268", "SECURITYVULNS:DOC:22276", "SECURITYVULNS:VULN:10125", "SECURITYVULNS:VULN:8123", "SECURITYVULNS:VULN:9095"]}, {"type": "seebug", "idList": ["SSV:12016", "SSV:2191", "SSV:3436"]}, {"type": "slackware", "idList": ["SSA-2008-210-01", "SSA-2009-218-01"]}, {"type": "suse", "idList": ["SUSE-SA:2009:044"]}, {"type": "ubuntu", "idList": ["USN-520-1", "USN-816-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-4565", "UB:CVE-2008-2711", "UB:CVE-2009-2666"]}, {"type": "veracode", "idList": ["VERACODE:23789", "VERACODE:23790", "VERACODE:23791"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:1427"]}, {"type": "cve", "idList": ["CVE-2007-4565"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1377-1:F4A0B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-4565", "DEBIANCVE:CVE-2008-2711", "DEBIANCVE:CVE-2009-2666"]}, {"type": "fedora", "idList": ["FEDORA:L84MAGHD029693"]}, {"type": "freebsd", "idList": ["168190DF-3E9A-11DD-87BC-000EA69A5213", "1E8E63C0-478A-11DD-A88D-000EA69A5213", "45500F74-5947-11DC-87C1-000E2E5785AD", "5179D85C-8683-11DE-91B9-0022157515B2"]}, {"type": "gentoo", "idList": ["GLSA-201006-12"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-VID-5179D85C-8683-11DE-91B9-0022157515B2/"]}, {"type": "nessus", "idList": ["FEDORA_2008-5800.NASL", "SUSE9_11814.NASL", "SUSE_11_FETCHMAIL-090807.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122440", "OPENVAS:136141256231064900", "OPENVAS:136141256231066396", "OPENVAS:64900", "OPENVAS:66396"]}, {"type": "redhat", "idList": ["RHSA-2009:1427"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36386"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20058"]}, {"type": "seebug", "idList": ["SSV:3436"]}, {"type": "ubuntu", "idList": ["USN-816-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-2711"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-2666", "epss": "0.001480000", "percentile": "0.490640000", "modified": "2023-03-13"}, {"cve": "CVE-2007-4565", "epss": "0.012710000", "percentile": "0.835520000", "modified": "2023-03-13"}, {"cve": "CVE-2008-2711", "epss": "0.098560000", "percentile": "0.938660000", "modified": "2023-03-13"}], "vulnersScore": 1.7}, "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1683811507, "epss": 1678780633}, "_internal": {"score_hash": "7832b925205aa0c0b7434258c5b9219f"}}

{"openvas": [{"lastseen": "2019-05-29T18:39:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880879", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016125.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880879\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fetchmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"fetchmail on CentOS 3\");\n script_tag(name:\"insight\", value:\"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n 'null prefix attack', caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n\n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ('-v -v'), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ('-d').\n (CVE-2008-2711)\n\n Note: when using SSL-enabled services, it is recommended that the fetchmail\n '--sslcertck' option be used to enforce strict SSL certificate checking.\n\n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n 'fetchmail --quit' command to stop the fetchmail process).\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-04-06T11:37:23", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1427.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\nnull prefix attack, caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (-v -v), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (-d).\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n--sslcertck option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\nfetchmail --quit command to stop the fetchmail process).", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064808", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064808", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1427.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1427 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1427.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\nnull prefix attack, caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (-v -v), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (-d).\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n--sslcertck option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\nfetchmail --quit command to stop the fetchmail process).\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64808\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Security Advisory RHSA-2009:1427\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1427.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.2.0~3.el3.5\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.2.5~6.0.1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.6~1.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2009-1427", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122440", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1427.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122440\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:26 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1427\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1427 - fetchmail security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1427\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1427.html\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:55:29", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880936", "href": "http://plugins.openvas.org/nasl.php?oid=880936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n "null prefix attack", caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n \n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n \n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ("-v -v"), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ("-d").\n (CVE-2008-2711)\n \n Note: when using SSL-enabled services, it is recommended that the fetchmail\n "--sslcertck" option be used to enforce strict SSL certificate checking.\n \n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n "fetchmail --quit" command to stop the fetchmail process).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"fetchmail on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016128.html\");\n script_id(880936);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos4 i386\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016226.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880813\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fetchmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"fetchmail on CentOS 5\");\n script_tag(name:\"insight\", value:\"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n 'null prefix attack', caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n\n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ('-v -v'), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ('-d').\n (CVE-2008-2711)\n\n Note: when using SSL-enabled services, it is recommended that the fetchmail\n '--sslcertck' option be used to enforce strict SSL certificate checking.\n\n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n 'fetchmail --quit' command to stop the fetchmail process).\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016128.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880936\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fetchmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"fetchmail on CentOS 4\");\n script_tag(name:\"insight\", value:\"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n 'null prefix attack', caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n\n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ('-v -v'), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ('-d').\n (CVE-2008-2711)\n\n Note: when using SSL-enabled services, it is recommended that the fetchmail\n '--sslcertck' option be used to enforce strict SSL certificate checking.\n\n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n 'fetchmail --quit' command to stop the fetchmail process).\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880813", "href": "http://plugins.openvas.org/nasl.php?oid=880813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n "null prefix attack", caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n \n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n \n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ("-v -v"), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ("-d").\n (CVE-2008-2711)\n \n Note: when using SSL-enabled services, it is recommended that the fetchmail\n "--sslcertck" option be used to enforce strict SSL certificate checking.\n \n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n "fetchmail --quit" command to stop the fetchmail process).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"fetchmail on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016226.html\");\n script_id(880813);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos5 i386\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:23", "description": "The remote host is missing updates to fetchmail announced in\nadvisory CESA-2009:1427.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1427 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64900", "href": "http://plugins.openvas.org/nasl.php?oid=64900", "sourceData": "#CESA-2009:1427 64900 8\n# $Id: ovcesa2009_1427.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1427 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1427\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1427\nhttps://rhn.redhat.com/errata/RHSA-2009-1427.html\";\ntag_summary = \"The remote host is missing updates to fetchmail announced in\nadvisory CESA-2009:1427.\";\n\n\n\nif(description)\n{\n script_id(64900);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Security Advisory CESA-2009:1427 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:55:41", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1427.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\nnull prefix attack, caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (-v -v), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (-d).\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n--sslcertck option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\nfetchmail --quit command to stop the fetchmail process).", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64808", "href": "http://plugins.openvas.org/nasl.php?oid=64808", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1427.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1427 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1427.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\nnull prefix attack, caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (-v -v), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (-d).\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n--sslcertck option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\nfetchmail --quit command to stop the fetchmail process).\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64808);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Security Advisory RHSA-2009:1427\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1427.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.2.0~3.el3.5\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.2.5~6.0.1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.6~1.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:46", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for fetchmail CESA-2009:1427 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880879", "href": "http://plugins.openvas.org/nasl.php?oid=880879", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for fetchmail CESA-2009:1427 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended for\n use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\n It was discovered that fetchmail is affected by the previously published\n "null prefix attack", caused by incorrect handling of NULL characters in\n X.509 certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker could\n use the certificate during a man-in-the-middle attack and potentially\n confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n \n A flaw was found in the way fetchmail handles rejections from a remote SMTP\n server when sending warning mail to the postmaster. If fetchmail sent a\n warning mail to the postmaster of an SMTP server and that SMTP server\n rejected it, fetchmail could crash. (CVE-2007-4565)\n \n A flaw was found in fetchmail. When fetchmail is run in double verbose\n mode ("-v -v"), it could crash upon receiving certain, malformed mail\n messages with long headers. A remote attacker could use this flaw to cause\n a denial of service if fetchmail was also running in daemon mode ("-d").\n (CVE-2008-2711)\n \n Note: when using SSL-enabled services, it is recommended that the fetchmail\n "--sslcertck" option be used to enforce strict SSL certificate checking.\n \n All fetchmail users should upgrade to this updated package, which contains\n backported patches to correct these issues. If fetchmail is running in\n daemon mode, it must be restarted for this update to take effect (use the\n "fetchmail --quit" command to stop the fetchmail process).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"fetchmail on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016125.html\");\n script_id(880879);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2009:1427\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_name(\"CentOS Update for fetchmail CESA-2009:1427 centos3 i386\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:13", "description": "The remote host is missing updates to fetchmail announced in\nadvisory CESA-2009:1427.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1427 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2007-4565", "CVE-2008-2711"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064900", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064900", "sourceData": "#CESA-2009:1427 64900 8\n# $Id: ovcesa2009_1427.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1427 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1427\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1427\nhttps://rhn.redhat.com/errata/RHSA-2009-1427.html\";\ntag_summary = \"The remote host is missing updates to fetchmail announced in\nadvisory CESA-2009:1427.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64900\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Security Advisory CESA-2009:1427 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.0~3.el3.5\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~6.0.1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.1.el5_3.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:38", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830610", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in fetchmail was discovered that allowed remote attackers\n to cause a denial of service (crash and persistent mail failure)\n via a malformed message with long headers. The crash only occurred\n when fetchmail was called in '-v -v' mode (CVE-2008-2711).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"fetchmail on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00027.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830610\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:117\");\n script_cve_id(\"CVE-2008-2711\");\n script_name( \"Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:09", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-210-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-210-01 fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231061477", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_210_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61477\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-2711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-210-01 fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-210-01\");\n\n script_tag(name:\"insight\", value:\"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-210-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-3_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-3_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:61189", "href": "http://plugins.openvas.org/nasl.php?oid=61189", "sourceData": "#\n#VID 168190df-3e9a-11dd-87bc-000ea69a5213\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\nCVE-2008-2711\nfetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote\nattackers to cause a denial of service (crash and persistent mail\nfailure) via a malformed mail message with long headers, which is not\nproperly handled when using vsnprintf to format log messages.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\nhttp://www.vuxml.org/freebsd/168190df-3e9a-11dd-87bc-000ea69a5213.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(61189);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-2711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.8_6\")<0) {\n txt += 'Package fetchmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:04", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-210-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-210-01 fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61477", "href": "http://plugins.openvas.org/nasl.php?oid=61477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_210_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-210-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-210-01\";\n \nif(description)\n{\n script_id(61477);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-2711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-210-01 fetchmail \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-3_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-i486-3_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:25", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:61220", "href": "http://plugins.openvas.org/nasl.php?oid=61220", "sourceData": "#\n#VID 1e8e63c0-478a-11dd-a88d-000ea69a5213\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\nCVE-2008-2711\nfetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote\nattackers to cause a denial of service (crash and persistent mail\nfailure) via a malformed mail message with long headers, which is not\nproperly handled when using vsnprintf to format log messages.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\nhttp://www.vuxml.org/freebsd/1e8e63c0-478a-11dd-a88d-000ea69a5213.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(61220);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-2711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.8_7\")<0) {\n txt += 'Package fetchmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:47", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for fetchmail FEDORA-2008-5789", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860438", "href": "http://plugins.openvas.org/nasl.php?oid=860438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fetchmail FEDORA-2008-5789\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended\n for use over on-demand TCP/IP links, like SLIP or PPP connections.\n Fetchmail supports every remote-mail protocol currently in use on the\n Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,\n and IPSEC) for retrieval. Then Fetchmail forwards the mail through\n SMTP so you can read it through your favorite mail client.\n\n Install fetchmail if you need to retrieve mail over SLIP or PPP\n connections.\";\n\ntag_affected = \"fetchmail on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html\");\n script_id(860438);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-5789\");\n script_cve_id(\"CVE-2008-2711\");\n script_name( \"Fedora Update for fetchmail FEDORA-2008-5789\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~7.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:57", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for fetchmail FEDORA-2008-5800", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860656", "href": "http://plugins.openvas.org/nasl.php?oid=860656", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fetchmail FEDORA-2008-5800\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended\n for use over on-demand TCP/IP links, like SLIP or PPP connections.\n Fetchmail supports every remote-mail protocol currently in use on the\n Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,\n and IPSEC) for retrieval. Then Fetchmail forwards the mail through\n SMTP so you can read it through your favorite mail client.\n\n Install fetchmail if you need to retrieve mail over SLIP or PPP\n connections.\";\n\ntag_affected = \"fetchmail on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html\");\n script_id(860656);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-5800\");\n script_cve_id(\"CVE-2008-2711\");\n script_name( \"Fedora Update for fetchmail FEDORA-2008-5800\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:27", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830610", "href": "http://plugins.openvas.org/nasl.php?oid=830610", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in fetchmail was discovered that allowed remote attackers\n to cause a denial of service (crash and persistent mail failure)\n via a malformed message with long headers. The crash only occurred\n when fetchmail was called in '-v -v' mode (CVE-2008-2711).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"fetchmail on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00027.php\");\n script_id(830610);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:117\");\n script_cve_id(\"CVE-2008-2711\");\n script_name( \"Mandriva Update for fetchmail MDVSA-2008:117 (fetchmail)\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.6~1.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~7.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:18", "description": "The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8780.", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8780 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064816", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064816", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8780.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8780 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nIf fetchmail is running in daemon mode, it must be restarted for this update to\ntake effect (use the fetchmail --quit command to stop the fetchmail process).\n\nChangeLog:\n\n* Wed Aug 19 2009 Vitezslav Crhonek - 6.3.9-5\n- Fix SSL null terminator bypass (CVE-2009-2666)\n* Tue Jun 9 2009 Adam Jackson 6.3.9-4\n- Rebuild to get rid of libkrb4 dependency.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update fetchmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8780\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8780.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64816\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-8780 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515804\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.9~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.9~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:34", "description": "The remote host is missing an update to fetchmail\nannounced via advisory DSA 1852-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1852-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064631", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064631", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1852_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1852-1 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that fetchmail, a full-featured remote mail retrieval\nand forwarding utility, is vulnerable to the Null Prefix Attacks Against\nSSL/TLS Certificates recently published at the Blackhat conference.\nThis allows an attacker to perform undetected man-in-the-middle attacks\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\nsubjectAltName or Common Name fields.\n\nNote, as a fetchmail user you should always use strict certificate\nvalidation through either these option combinations:\nsslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\nor\nsslcertck sslproto tls1 (for STARTTLS-based services)\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.3.9~rc2-6.\n\n\nWe recommend that you upgrade your fetchmail packages.\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory DSA 1852-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201852-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64631\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1852-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.6-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.6-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.9~rc2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.9~rc2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055302 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065567", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065567", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5055302.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055302 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65567\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES9: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~49.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:02", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065702", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065702", "sourceData": "#\n#VID 26aa1c657e53800ab93f6510f4c057b5\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=528746\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65702\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES11: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8.90~13.16.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8.90~13.16.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:23", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065936", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065936", "sourceData": "#\n#VID slesp2-fetchmail-6409\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65936\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES10: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.2~15.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.2~15.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:24", "description": "The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8770.", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8770 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064818", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064818", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8770.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8770 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nIf fetchmail is running in daemon mode, it must be restarted for this update to\ntake effect (use the fetchmail --quit command to stop the fetchmail process).\n\nChangeLog:\n\n* Wed Aug 19 2009 Vitezslav Crhonek - 6.3.8-9\n- Fix SSL null terminator bypass (CVE-2009-2666)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update fetchmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8770\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8770.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64818\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-8770 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515804\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~9.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.8~9.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-218-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-218-01 fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231064568", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064568", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_218_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64568\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-218-01 fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-218-01\");\n\n script_tag(name:\"insight\", value:\"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-218-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-26T08:55:48", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65702", "href": "http://plugins.openvas.org/nasl.php?oid=65702", "sourceData": "#\n#VID 26aa1c657e53800ab93f6510f4c057b5\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=528746\");\n script_id(65702);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES11: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8.90~13.16.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8.90~13.16.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055302 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65567", "href": "http://plugins.openvas.org/nasl.php?oid=65567", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5055302.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055302 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65567);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES9: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~49.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:15", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65936", "href": "http://plugins.openvas.org/nasl.php?oid=65936", "sourceData": "#\n#VID slesp2-fetchmail-6409\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65936);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES10: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.2~15.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.2~15.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:28:07", "description": "The remote host is missing an update to fetchmail\nannounced via advisory USN-816-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Ubuntu USN-816-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64655", "href": "http://plugins.openvas.org/nasl.php?oid=64655", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_816_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_816_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-816-1 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n fetchmail 6.3.2-2ubuntu2.3\n\nUbuntu 8.04 LTS:\n fetchmail 6.3.8-10ubuntu1.1\n\nUbuntu 8.10:\n fetchmail 6.3.8-11ubuntu3.1\n\nUbuntu 9.04:\n fetchmail 6.3.9~rc2-4ubuntu1.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-816-1\";\n\ntag_insight = \"Moxie Marlinspike discovered that fetchmail did not properly handle\ncertificates with NULL characters in the certificate name. A remote\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory USN-816-1.\";\n\n \n\n\nif(description)\n{\n script_id(64655);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Ubuntu USN-816-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-816-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.2-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.2-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.8-10ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-10ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.8-11ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.8-11ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.9~rc2-4ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.9~rc2-4ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:32", "description": "The remote host is missing an update to fetchmail\nannounced via advisory DSA 1852-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1852-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64631", "href": "http://plugins.openvas.org/nasl.php?oid=64631", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1852_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1852-1 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that fetchmail, a full-featured remote mail retrieval\nand forwarding utility, is vulnerable to the Null Prefix Attacks Against\nSSL/TLS Certificates recently published at the Blackhat conference.\nThis allows an attacker to perform undetected man-in-the-middle attacks\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\nsubjectAltName or Common Name fields.\n\nNote, as a fetchmail user you should always use strict certificate\nvalidation through either these option combinations:\nsslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\nor\nsslcertck sslproto tls1 (for STARTTLS-based services)\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.3.9~rc2-6.\n\n\nWe recommend that you upgrade your fetchmail packages.\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory DSA 1852-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201852-1\";\n\n\nif(description)\n{\n script_id(64631);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1852-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.6-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.6-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.9~rc2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.9~rc2-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:03", "description": "The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8780.", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8780 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64816", "href": "http://plugins.openvas.org/nasl.php?oid=64816", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8780.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8780 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nIf fetchmail is running in daemon mode, it must be restarted for this update to\ntake effect (use the fetchmail --quit command to stop the fetchmail process).\n\nChangeLog:\n\n* Wed Aug 19 2009 Vitezslav Crhonek - 6.3.9-5\n- Fix SSL null terminator bypass (CVE-2009-2666)\n* Tue Jun 9 2009 Adam Jackson 6.3.9-4\n- Rebuild to get rid of libkrb4 dependency.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update fetchmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8780\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8780.\";\n\n\n\nif(description)\n{\n script_id(64816);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-8780 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515804\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.9~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.9~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:38", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-218-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-218-01 fetchmail ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64568", "href": "http://plugins.openvas.org/nasl.php?oid=64568", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_218_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-218-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-218-01\";\n \nif(description)\n{\n script_id(64568);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-218-01 fetchmail \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"fetchmail\", ver:\"6.3.11-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:27", "description": "The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8770.", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8770 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64818", "href": "http://plugins.openvas.org/nasl.php?oid=64818", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8770.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8770 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nIf fetchmail is running in daemon mode, it must be restarted for this update to\ntake effect (use the fetchmail --quit command to stop the fetchmail process).\n\nChangeLog:\n\n* Wed Aug 19 2009 Vitezslav Crhonek - 6.3.8-9\n- Fix SSL null terminator bypass (CVE-2009-2666)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update fetchmail' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8770\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory FEDORA-2009-8770.\";\n\n\n\nif(description)\n{\n script_id(64818);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-8770 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515804\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~9.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.8~9.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:45", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065992", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065992", "sourceData": "#\n#VID slesp1-fetchmail-4462\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65992\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.2~15.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.2~15.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:15", "description": "The remote host is missing an update to fetchmail\nannounced via advisory DSA 1377-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1377-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58615", "href": "http://plugins.openvas.org/nasl.php?oid=58615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1377_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1377-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP\nand IMAP mail gatherer/forwarder, can under certain circumstances\nattempt to dereference a NULL pointer and crash.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your fetchmail package.\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory DSA 1377-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201377-1\";\n\nif(description)\n{\n script_id(58615);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1377-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.6-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.6-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmailconf\n fetchmail\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015579 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65548", "href": "http://plugins.openvas.org/nasl.php?oid=65548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015579.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmailconf\n fetchmail\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015579 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65548);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~49.17\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:43", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65992", "href": "http://plugins.openvas.org/nasl.php?oid=65992", "sourceData": "#\n#VID slesp1-fetchmail-4462\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmail\n fetchmailconf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65992);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.2~15.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.2~15.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:47", "description": "The remote host is missing an update to fetchmail\nannounced via advisory DSA 1377-2.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1377-2 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58616", "href": "http://plugins.openvas.org/nasl.php?oid=58616", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1377_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1377-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP\nand IMAP mail gatherer/forwarder, can under certain circumstances\nattempt to dereference a NULL pointer and crash.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your fetchmail package.\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory DSA 1377-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201377-2\";\n\nif(description)\n{\n script_id(58616);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1377-2 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.6-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:39", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in fetchmail was found where it could crash when\n attempting to deliver an internal warning or error message through an\n untrusted or compromised SMTP server, leading to a denial of service.\n\n Updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"fetchmail on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-09/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830031\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:179\");\n script_cve_id(\"CVE-2007-4565\");\n script_name( \"Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:04", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmailconf\n fetchmail\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015579 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065548", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015579.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for fetchmail\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n fetchmailconf\n fetchmail\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015579 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65548\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~49.17\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:07", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for fetchmail FEDORA-2007-689", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861535", "href": "http://plugins.openvas.org/nasl.php?oid=861535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fetchmail FEDORA-2007-689\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended\n for use over on-demand TCP/IP links, like SLIP or PPP connections.\n Fetchmail supports every remote-mail protocol currently in use on the\n Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,\n and IPSEC) for retrieval. Then Fetchmail forwards the mail through\n SMTP so you can read it through your favorite mail client.\n\n Install fetchmail if you need to retrieve mail over SLIP or PPP\n connections\";\n\ntag_affected = \"fetchmail on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00099.html\");\n script_id(861535);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-689\");\n script_cve_id(\"CVE-2007-4565\");\n script_name( \"Fedora Update for fetchmail FEDORA-2007-689\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~3.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/fetchmail-debuginfo\", rpm:\"x86_64/debug/fetchmail-debuginfo~6.3.6~3.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/fetchmail\", rpm:\"x86_64/fetchmail~6.3.6~3.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/fetchmail\", rpm:\"i386/fetchmail~6.3.6~3.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/fetchmail-debuginfo\", rpm:\"i386/debug/fetchmail-debuginfo~6.3.6~3.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:52", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for fetchmail FEDORA-2007-1983", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861001", "href": "http://plugins.openvas.org/nasl.php?oid=861001", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fetchmail FEDORA-2007-1983\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fetchmail is a remote mail retrieval and forwarding utility intended\n for use over on-demand TCP/IP links, like SLIP or PPP connections.\n Fetchmail supports every remote-mail protocol currently in use on the\n Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,\n and IPSEC) for retrieval. Then Fetchmail forwards the mail through\n SMTP so you can read it through your favorite mail client.\n\n Install fetchmail if you need to retrieve mail over SLIP or PPP\n connections.\";\n\ntag_affected = \"fetchmail on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00039.html\");\n script_id(861001);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 15:48:41 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-1983\");\n script_cve_id(\"CVE-2007-4565\");\n script_name( \"Fedora Update for fetchmail FEDORA-2007-1983\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.7~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.7~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.7~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-debuginfo\", rpm:\"fetchmail-debuginfo~6.3.7~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.7~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:04", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830031", "href": "http://plugins.openvas.org/nasl.php?oid=830031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in fetchmail was found where it could crash when\n attempting to deliver an internal warning or error message through an\n untrusted or compromised SMTP server, leading to a denial of service.\n\n Updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"fetchmail on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-09/msg00010.php\");\n script_id(830031);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:179\");\n script_cve_id(\"CVE-2007-4565\");\n script_name( \"Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail)\");\n\n script_summary(\"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.6~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.4~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:13", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:58808", "href": "http://plugins.openvas.org/nasl.php?oid=58808", "sourceData": "#\n#VID 45500f74-5947-11dc-87c1-000e2e5785ad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.fetchmail.info/fetchmail-SA-2007-02.txt\nhttp://www.vuxml.org/freebsd/45500f74-5947-11dc-87c1-000e2e5785ad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58808);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-4565\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.6.8\")>=0 && revcomp(a:bver, b:\"6.3.8_4\")<0) {\n txt += 'Package fetchmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-12.", "cvss3": {}, "published": "2011-03-09T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-12 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2010-0562"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:136141256231069015", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069015", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201006_12.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69015\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-0562\", \"CVE-2009-2666\");\n script_name(\"Gentoo Security Advisory GLSA 201006-12 (fetchmail)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been reported in Fetchmail, allowing remote\n attackers to execute arbitrary code or to conduct Man-in-the-Middle\n attacks.\");\n script_tag(name:\"solution\", value:\"All Fetchmail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/fetchmail-6.3.14'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-12\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=280537\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=307761\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201006-12.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-mail/fetchmail\", unaffected: make_list(\"ge 6.3.14\"), vulnerable: make_list(\"lt 6.3.14\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:40:42", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:044.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:044 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2411", "CVE-2009-2666"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064642", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064642", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_044.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:044 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion is a revision control system, which is mainly used for\ncode development.\n\nThe ibsvn_delta library is vulnerable to integer overflows while\nprocessing svndiff streams, this leads to overflows on the heap\nbecause of insufficient memory allocation.\n\nThis bug can be exploited by clients with commit access to\ncause a remote denial-of-service or arbitrary code execution.\nIt can also be exploited in the other direction from a server\nto a client that tries to do a checkout or update.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:044\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:044.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64642\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2411\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:044 (subversion)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debugsource\", rpm:\"subversion-debugsource~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debugsource\", rpm:\"subversion-debugsource~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:19", "description": "The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:201 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064609", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_201.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:201 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in fetchmail:\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field\nof an X.509 certificate, which allows man-in-the-middle attackers\nto spoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408\n(CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\n Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:201\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64609\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:201 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:31", "description": "The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066396", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066396", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_201_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:201-1 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in fetchmail:\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\n(NUL) character in a domain name in the subject's Common Name (CN)\nand subjectAlt(ernative)Name fields of an X.509 certificate, which\nallows man-in-the-middle attackers to spoof arbitrary SSL servers via\na crafted certificate issued by a legitimate Certification Authority,\na related issue to CVE-2009-2408 (CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:201-1\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66396\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:50", "description": "The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66396", "href": "http://plugins.openvas.org/nasl.php?oid=66396", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_201_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:201-1 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in fetchmail:\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\n(NUL) character in a domain name in the subject's Common Name (CN)\nand subjectAlt(ernative)Name fields of an X.509 certificate, which\nallows man-in-the-middle attackers to spoof arbitrary SSL servers via\na crafted certificate issued by a legitimate Certification Authority,\na related issue to CVE-2009-2408 (CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:201-1\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201-1.\";\n\n \n\nif(description)\n{\n script_id(66396);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:00", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-12.", "cvss3": {}, "published": "2011-03-09T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-12 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2010-0562"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:69015", "href": "http://plugins.openvas.org/nasl.php?oid=69015", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Fetchmail, allowing remote\n attackers to execute arbitrary code or to conduct Man-in-the-Middle\n attacks.\";\ntag_solution = \"All Fetchmail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/fetchmail-6.3.14'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=280537\nhttp://bugs.gentoo.org/show_bug.cgi?id=307761\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201006-12.\";\n\n \n \n\nif(description)\n{\n script_id(69015);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-0562\", \"CVE-2009-2666\");\n script_name(\"Gentoo Security Advisory GLSA 201006-12 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-mail/fetchmail\", unaffected: make_list(\"ge 6.3.14\"), vulnerable: make_list(\"lt 6.3.14\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:22", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:044.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:044 (subversion)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2411", "CVE-2009-2666"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64642", "href": "http://plugins.openvas.org/nasl.php?oid=64642", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_044.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:044 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion is a revision control system, which is mainly used for\ncode development.\n\nThe ibsvn_delta library is vulnerable to integer overflows while\nprocessing svndiff streams, this leads to overflows on the heap\nbecause of insufficient memory allocation.\n\nThis bug can be exploited by clients with commit access to\ncause a remote denial-of-service or arbitrary code execution.\nIt can also be exploited in the other direction from a server\nto a client that tries to do a checkout or update.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:044\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:044.\";\n\n \n\nif(description)\n{\n script_id(64642);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2411\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:044 (subversion)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debugsource\", rpm:\"subversion-debugsource~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-debugsource\", rpm:\"subversion-debugsource~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:14", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:64657", "href": "http://plugins.openvas.org/nasl.php?oid=64657", "sourceData": "#\n#VID 5179d85c-8683-11de-91b9-0022157515b2\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5179d85c-8683-11de-91b9-0022157515b2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\nCVE-2009-2666\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of\nan X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://fetchmail.berlios.de/fetchmail-SA-2009-01.txt\nhttp://www.vuxml.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64657);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.11\")<0) {\n txt += 'Package fetchmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:03", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064657", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064657", "sourceData": "#\n#VID 5179d85c-8683-11de-91b9-0022157515b2\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5179d85c-8683-11de-91b9-0022157515b2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\nCVE-2009-2666\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of\nan X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://fetchmail.berlios.de/fetchmail-SA-2009-01.txt\nhttp://www.vuxml.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64657\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.11\")<0) {\n txt += 'Package fetchmail version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:07", "description": "The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:201 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64609", "href": "http://plugins.openvas.org/nasl.php?oid=64609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_201.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:201 (fetchmail)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in fetchmail:\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field\nof an X.509 certificate, which allows man-in-the-middle attackers\nto spoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408\n(CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\n Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:201\";\ntag_summary = \"The remote host is missing an update to fetchmail\nannounced via advisory MDVSA-2009:201.\";\n\n \n\nif(description)\n{\n script_id(64609);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2666\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:201 (fetchmail)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~7.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~8.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.9~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.2.5~3.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.2.5~11.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.8~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:07", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-520-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for fetchmail vulnerabilities USN-520-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1558", "CVE-2007-4565"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840065", "href": "http://plugins.openvas.org/nasl.php?oid=840065", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_520_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for fetchmail vulnerabilities USN-520-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gaetan Leurent discovered a vulnerability in the APOP protocol based\n on MD5 collisions. As fetchmail supports the APOP protocol, this\n vulnerability can be used by attackers to discover a portion of the APOP\n user's authentication credentials. (CVE-2007-1558)\n\n Earl Chew discovered that fetchmail can be made to de-reference a NULL\n pointer when contacting SMTP servers. This vulnerability can be used\n by attackers who control the SMTP server to crash fetchmail and cause\n a denial of service. (CVE-2007-4565)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-520-1\";\ntag_affected = \"fetchmail vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-520-1/\");\n script_id(840065);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"520-1\");\n script_cve_id(\"CVE-2007-1558\", \"CVE-2007-4565\");\n script_name( \"Ubuntu Update for fetchmail vulnerabilities USN-520-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.6-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.6-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.2-2ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.2-2ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fetchmail\", ver:\"6.3.4-1ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fetchmailconf\", ver:\"6.3.4-1ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:59", "description": "The remote host is missing Security Update 2009-001.\n One or more of the following components are affected:\n\n AFP Server\n Apple Pixlet Video\n CarbonCore\n CFNetwork\n Certificate Assistant\n ClamAV\n CoreText\n CUPS\n DS Tools\n fetchmail\n Folder Manager\n FSEvents\n Network Time\n perl\n Printing\n python\n Remote Apple Events\n Safari RSS\n servermgrd\n SMB\n SquirrelMail\n X11\n XTerm", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X Security Update 2009-001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5050", "CVE-2008-2362", "CVE-2009-0137", "CVE-2008-1927", "CVE-2009-0139", "CVE-2009-0017", "CVE-2009-0014", "CVE-2008-1379", "CVE-2008-1721", "CVE-2007-1667", "CVE-2008-4864", "CVE-2009-0138", "CVE-2009-0011", "CVE-2008-2316", "CVE-2009-0019", "CVE-2007-1351", "CVE-2008-3663", "CVE-2008-1808", "CVE-2009-0013", "CVE-2007-4565", "CVE-2007-4965", "CVE-2009-0015", "CVE-2007-1352", "CVE-2008-2711", "CVE-2008-3144", "CVE-2008-5183", "CVE-2009-0018", "CVE-2008-1377", "CVE-2006-3467", "CVE-2008-3142", "CVE-2009-0012", "CVE-2009-0141", "CVE-2006-1861", "CVE-2009-0142", "CVE-2008-2315", "CVE-2008-2379", "CVE-2008-1679", "CVE-2009-0140", "CVE-2008-2361", "CVE-2008-1887", "CVE-2008-2360", "CVE-2008-1807", "CVE-2008-5031", "CVE-2009-0020", "CVE-2008-1806", "CVE-2009-0009", "CVE-2008-5314"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102026", "href": "http://plugins.openvas.org/nasl.php?oid=102026", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Security Update 2009-001\n#\n# LSS-NVT-2010-015\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3438\";\n\ntag_summary = \"The remote host is missing Security Update 2009-001.\n One or more of the following components are affected:\n\n AFP Server\n Apple Pixlet Video\n CarbonCore\n CFNetwork\n Certificate Assistant\n ClamAV\n CoreText\n CUPS\n DS Tools\n fetchmail\n Folder Manager\n FSEvents\n Network Time\n perl\n Printing\n python\n Remote Apple Events\n Safari RSS\n servermgrd\n SMB\n SquirrelMail\n X11\n XTerm\";\n\n\nif(description)\n{\n script_id(102026);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-0142\",\"CVE-2009-0009\",\"CVE-2009-0020\",\"CVE-2009-0011\",\"CVE-2008-5050\",\"CVE-2008-5314\",\"CVE-2009-0012\",\"CVE-2008-5183\",\"CVE-2009-0013\",\"CVE-2007-4565\",\"CVE-2008-2711\",\"CVE-2009-0014\",\"CVE-2009-0015\",\"CVE-2008-1927\",\"CVE-2009-0017\",\"CVE-2008-1679\",\"CVE-2008-1721\",\"CVE-2008-1887\",\"CVE-2008-2315\",\"CVE-2008-2316\",\"CVE-2008-3142\",\"CVE-2008-3144\",\"CVE-2008-4864\",\"CVE-2007-4965\",\"CVE-2008-5031\",\"CVE-2009-0018\",\"CVE-2009-0019\",\"CVE-2009-0137\",\"CVE-2009-0138\",\"CVE-2009-0139\",\"CVE-2009-0140\",\"CVE-2008-2379\",\"CVE-2008-3663\",\"CVE-2008-1377\",\"CVE-2008-1379\",\"CVE-2008-2360\",\"CVE-2008-2361\",\"CVE-2008-2362\",\"CVE-2006-1861\",\"CVE-2006-3467\",\"CVE-2007-1351\",\"CVE-2008-1806\",\"CVE-2008-1807\",\"CVE-2008-1808\",\"CVE-2007-1352\",\"CVE-2007-1667\",\"CVE-2009-0141\");\n script_name(\"Mac OS X Security Update 2009-001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.6\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.6\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:09", "description": "The remote host is missing Security Update 2009-001.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X Security Update 2009-001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5050", "CVE-2008-2362", "CVE-2009-0137", "CVE-2008-1927", "CVE-2009-0139", "CVE-2009-0017", "CVE-2009-0014", "CVE-2008-1379", "CVE-2008-1721", "CVE-2007-1667", "CVE-2008-4864", "CVE-2009-0138", "CVE-2009-0011", "CVE-2008-2316", "CVE-2009-0019", "CVE-2007-1351", "CVE-2008-3663", "CVE-2008-1808", "CVE-2009-0013", "CVE-2007-4565", "CVE-2007-4965", "CVE-2009-0015", "CVE-2007-1352", "CVE-2008-2711", "CVE-2008-3144", "CVE-2008-5183", "CVE-2009-0018", "CVE-2008-1377", "CVE-2006-3467", "CVE-2008-3142", "CVE-2009-0012", "CVE-2009-0141", "CVE-2006-1861", "CVE-2009-0142", "CVE-2008-2315", "CVE-2008-2379", "CVE-2008-1679", "CVE-2009-0140", "CVE-2008-2361", "CVE-2008-1887", "CVE-2008-2360", "CVE-2008-1807", "CVE-2008-5031", "CVE-2009-0020", "CVE-2008-1806", "CVE-2009-0009", "CVE-2008-5314"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102026", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_secupd_2009-001.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X Security Update 2009-001\n#\n# LSS-NVT-2010-015\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102026\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-0142\", \"CVE-2009-0009\", \"CVE-2009-0020\", \"CVE-2009-0011\", \"CVE-2008-5050\",\n \"CVE-2008-5314\", \"CVE-2009-0012\", \"CVE-2008-5183\", \"CVE-2009-0013\", \"CVE-2007-4565\",\n \"CVE-2008-2711\", \"CVE-2009-0014\", \"CVE-2009-0015\", \"CVE-2008-1927\", \"CVE-2009-0017\",\n \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\",\n \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2007-4965\", \"CVE-2008-5031\",\n \"CVE-2009-0018\", \"CVE-2009-0019\", \"CVE-2009-0137\", \"CVE-2009-0138\", \"CVE-2009-0139\",\n \"CVE-2009-0140\", \"CVE-2008-2379\", \"CVE-2008-3663\", \"CVE-2008-1377\", \"CVE-2008-1379\",\n \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2006-1861\", \"CVE-2006-3467\",\n \"CVE-2007-1351\", \"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\", \"CVE-2007-1352\",\n \"CVE-2007-1667\", \"CVE-2009-0141\");\n script_name(\"Mac OS X Security Update 2009-001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3438\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Security Update 2009-001.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AFP Server\n\n Apple Pixlet Video\n\n CarbonCore\n\n CFNetwork\n\n Certificate Assistant\n\n ClamAV\n\n CoreText\n\n CUPS\n\n DS Tools\n\n fetchmail\n\n Folder Manager\n\n FSEvents\n\n Network Time\n\n perl\n\n Printing\n\n python\n\n Remote Apple Events\n\n Safari RSS\n\n servermgrd\n\n SMB\n\n SquirrelMail\n\n X11\n\n XTerm\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.6\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.6\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:08", "description": "The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-0658", "CVE-2007-5707", "CVE-2009-2414", "CVE-2009-1955", "CVE-2009-2411", "CVE-2009-2203", "CVE-2009-2666", "CVE-2007-6698", "CVE-2009-2834", "CVE-2009-3292", "CVE-2009-2838", "CVE-2009-2416", "CVE-2009-2827", "CVE-2009-2833", "CVE-2009-2409", "CVE-2009-2824", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2798", "CVE-2009-1632", "CVE-2009-2202", "CVE-2009-2820", "CVE-2009-3111", "CVE-2009-2832", "CVE-2009-2835", "CVE-2009-2837", "CVE-2009-2826", "CVE-2009-1890", "CVE-2009-2819", "CVE-2009-2829", "CVE-2009-0023", "CVE-2009-2823", "CVE-2009-1574", "CVE-2009-2831", "CVE-2009-3235", "CVE-2009-2412", "CVE-2009-1956", "CVE-2009-2840", "CVE-2009-3291", "CVE-2009-2825", "CVE-2009-3293", "CVE-2009-2839", "CVE-2009-1891", "CVE-2009-2836", "CVE-2009-2828", "CVE-2009-2808", "CVE-2009-2799", "CVE-2009-2818", "CVE-2008-5161", "CVE-2009-1195", "CVE-2009-2810", "CVE-2009-2830"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102038", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_6_2_secupd_2009-006.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\n#\n# LSS-NVT-2010-027\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102038\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-2819\", \"CVE-2009-2818\", \"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\",\n \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\", \"CVE-2009-2823\",\n \"CVE-2009-2412\", \"CVE-2009-2824\", \"CVE-2009-2825\", \"CVE-2009-2826\", \"CVE-2009-2202\",\n \"CVE-2009-2799\", \"CVE-2009-2820\", \"CVE-2009-2831\", \"CVE-2009-2828\", \"CVE-2009-2827\",\n \"CVE-2009-3235\", \"CVE-2009-2829\", \"CVE-2009-2666\", \"CVE-2009-2830\", \"CVE-2009-2832\",\n \"CVE-2009-2808\", \"CVE-2009-2285\", \"CVE-2009-2833\", \"CVE-2009-2834\", \"CVE-2009-1574\",\n \"CVE-2009-1632\", \"CVE-2009-2835\", \"CVE-2009-2810\", \"CVE-2009-2409\", \"CVE-2009-2414\",\n \"CVE-2009-2416\", \"CVE-2009-2836\", \"CVE-2009-2408\", \"CVE-2007-5707\", \"CVE-2007-6698\",\n \"CVE-2008-0658\", \"CVE-2008-5161\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\",\n \"CVE-2009-2837\", \"CVE-2009-2838\", \"CVE-2009-2203\", \"CVE-2009-2798\", \"CVE-2009-3111\",\n \"CVE-2009-2839\", \"CVE-2009-2840\", \"CVE-2009-2411\");\n script_name(\"Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[56]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3937\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AFP Client\n\n Adaptive Firewall\n\n Apache\n\n Apache Portable Runtime\n\n ATS\n\n Certificate Assistant\n\n CoreGraphics\n\n CoreMedia\n\n CUPS\n\n Dictionary\n\n DirectoryService\n\n Disk Images\n\n Dovecot\n\n Event Monitor\n\n fetchmail\n\n file\n\n FTP Server\n\n Help Viewer\n\n ImageIO\n\n International Components for Unicode\n\n IOKit\n\n IPSec\n\n Kernel\n\n Launch Services\n\n libsecurity\n\n libxml\n\n Login Window\n\n OpenLDAP\n\n OpenSSH\n\n PHP\n\n QuickDraw Manager\n\n QuickLook\n\n QuickTime\n\n FreeRADIUS\n\n Screen Sharing\n\n Spotlight\n\n Subversion\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[56]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X Server 10.6.1\",\"Mac OS X 10.6.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:57", "description": "The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\n One or more of the following components are affected:\n\n AFP Client\n Adaptive Firewall\n Apache\n Apache Portable Runtime\n ATS\n Certificate Assistant\n CoreGraphics\n CoreMedia\n CUPS\n Dictionary\n DirectoryService\n Disk Images\n Dovecot\n Event Monitor\n fetchmail\n file\n FTP Server\n Help Viewer\n ImageIO\n International Components for Unicode\n IOKit\n IPSec\n Kernel\n Launch Services\n libsecurity\n libxml\n Login Window\n OpenLDAP\n OpenSSH\n PHP\n QuickDraw Manager\n QuickLook\n QuickTime\n FreeRADIUS\n Screen Sharing\n Spotlight\n Subversion", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-0658", "CVE-2007-5707", "CVE-2009-2414", "CVE-2009-1955", "CVE-2009-2411", "CVE-2009-2203", "CVE-2009-2666", "CVE-2007-6698", "CVE-2009-2834", "CVE-2009-3292", "CVE-2009-2838", "CVE-2009-2416", "CVE-2009-2827", "CVE-2009-2833", "CVE-2009-2409", "CVE-2009-2824", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2798", "CVE-2009-1632", "CVE-2009-2202", "CVE-2009-2820", "CVE-2009-3111", "CVE-2009-2832", "CVE-2009-2835", "CVE-2009-2837", "CVE-2009-2826", "CVE-2009-1890", "CVE-2009-2819", "CVE-2009-2829", "CVE-2009-0023", "CVE-2009-2823", "CVE-2009-1574", "CVE-2009-2831", "CVE-2009-3235", "CVE-2009-2412", "CVE-2009-1956", "CVE-2009-2840", "CVE-2009-3291", "CVE-2009-2825", "CVE-2009-3293", "CVE-2009-2839", "CVE-2009-1891", "CVE-2009-2836", "CVE-2009-2828", "CVE-2009-2808", "CVE-2009-2799", "CVE-2009-2818", "CVE-2008-5161", "CVE-2009-1195", "CVE-2009-2810", "CVE-2009-2830"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102038", "href": "http://plugins.openvas.org/nasl.php?oid=102038", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\n#\n# LSS-NVT-2010-027\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3937\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\n One or more of the following components are affected:\n\n AFP Client\n Adaptive Firewall\n Apache\n Apache Portable Runtime\n ATS\n Certificate Assistant\n CoreGraphics\n CoreMedia\n CUPS\n Dictionary\n DirectoryService\n Disk Images\n Dovecot\n Event Monitor\n fetchmail\n file\n FTP Server\n Help Viewer\n ImageIO\n International Components for Unicode\n IOKit\n IPSec\n Kernel\n Launch Services\n libsecurity\n libxml\n Login Window\n OpenLDAP\n OpenSSH\n PHP\n QuickDraw Manager\n QuickLook\n QuickTime\n FreeRADIUS\n Screen Sharing\n Spotlight\n Subversion\";\n\n\nif(description)\n{\n script_id(102038);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-2819\",\"CVE-2009-2818\",\"CVE-2009-0023\",\"CVE-2009-1191\",\"CVE-2009-1195\",\"CVE-2009-1890\",\"CVE-2009-1891\",\"CVE-2009-1955\",\"CVE-2009-1956\",\"CVE-2009-2823\",\"CVE-2009-2412\",\"CVE-2009-2824\",\"CVE-2009-2825\",\"CVE-2009-2826\",\"CVE-2009-2202\",\"CVE-2009-2799\",\"CVE-2009-2820\",\"CVE-2009-2831\",\"CVE-2009-2828\",\"CVE-2009-2827\",\"CVE-2009-3235\",\"CVE-2009-2829\",\"CVE-2009-2666\",\"CVE-2009-2830\",\"CVE-2009-2832\",\"CVE-2009-2808\",\"CVE-2009-2285\",\"CVE-2009-2833\",\"CVE-2009-2834\",\"CVE-2009-1574\",\"CVE-2009-1632\",\"CVE-2009-2835\",\"CVE-2009-2810\",\"CVE-2009-2409\",\"CVE-2009-2414\",\"CVE-2009-2416\",\"CVE-2009-2836\",\"CVE-2009-2408\",\"CVE-2007-5707\",\"CVE-2007-6698\",\"CVE-2008-0658\",\"CVE-2008-5161\",\"CVE-2009-3291\",\"CVE-2009-3292\",\"CVE-2009-3293\",\"CVE-2009-2837\",\"CVE-2009-2838\",\"CVE-2009-2203\",\"CVE-2009-2798\",\"CVE-2009-3111\",\"CVE-2009-2839\",\"CVE-2009-2840\",\"CVE-2009-2411\");\n script_name(\"Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X Server 10.6.1\",\"Mac OS X 10.6.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:43:48", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\n\"null prefix attack\", caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (\"-v -v\"), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (\"-d\").\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n\"--sslcertck\" option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\n\"fetchmail --quit\" command to stop the fetchmail process).", "cvss3": {}, "published": "2009-09-08T00:00:00", "type": "redhat", "title": "(RHSA-2009:1427) Moderate: fetchmail security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2018-05-26T00:26:17", "id": "RHSA-2009:1427", "href": "https://access.redhat.com/errata/RHSA-2009:1427", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-18T14:26:16", "description": "An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:fetchmail", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/40893", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1427 and \n# CentOS Errata and Security Advisory 2009:1427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40893);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_bugtraq_id(25495, 29705);\n script_xref(name:\"RHSA\", value:\"2009:1427\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated fetchmail package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended\nfor use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously\npublished 'null prefix attack', caused by incorrect handling of NULL\ncharacters in X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse fetchmail into\naccepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote\nSMTP server when sending warning mail to the postmaster. If fetchmail\nsent a warning mail to the postmaster of an SMTP server and that SMTP\nserver rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode ('-v -v'), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to\ncause a denial of service if fetchmail was also running in daemon mode\n('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the\nfetchmail '--sslcertck' option be used to enforce strict SSL\ncertificate checking.\n\nAll fetchmail users should upgrade to this updated package, which\ncontains backported patches to correct these issues. If fetchmail is\nrunning in daemon mode, it must be restarted for this update to take\neffect (use the 'fetchmail --quit' command to stop the fetchmail\nprocess).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c76bd2ba\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dab1eea8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016125.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa4c5b68\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f28a6314\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36403cf8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8dcf387\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10766e6a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016160.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ab64493\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"fetchmail-6.2.5-6.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"fetchmail-6.2.5-6.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:26", "description": "An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).", "cvss3": {}, "published": "2009-09-09T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:fetchmail", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/40901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1427. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40901);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_bugtraq_id(25495, 29705);\n script_xref(name:\"RHSA\", value:\"2009:1427\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated fetchmail package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended\nfor use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously\npublished 'null prefix attack', caused by incorrect handling of NULL\ncharacters in X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse fetchmail into\naccepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote\nSMTP server when sending warning mail to the postmaster. If fetchmail\nsent a warning mail to the postmaster of an SMTP server and that SMTP\nserver rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode ('-v -v'), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to\ncause a denial of service if fetchmail was also running in daemon mode\n('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the\nfetchmail '--sslcertck' option be used to enforce strict SSL\ncertificate checking.\n\nAll fetchmail users should upgrade to this updated package, which\ncontains backported patches to correct these issues. If fetchmail is\nrunning in daemon mode, it must be restarted for this update to take\neffect (use the 'fetchmail --quit' command to stop the fetchmail\nprocess).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1427\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1427\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"fetchmail-6.2.5-6.0.1.el4_8.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:16", "description": "CVE-2007-4565 Fetchmail NULL pointer dereference\n\nCVE-2008-2711 fetchmail: Crash in large log messages in verbose mode\n\nCVE-2009-2666 fetchmail: SSL null terminator bypass\n\nIt was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711)\n\nIf fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090908_FETCHMAIL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60662);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n\n script_name(english:\"Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2007-4565 Fetchmail NULL pointer dereference\n\nCVE-2008-2711 fetchmail: Crash in large log messages in verbose mode\n\nCVE-2009-2666 fetchmail: SSL null terminator bypass\n\nIt was discovered that fetchmail is affected by the previously\npublished 'null prefix attack', caused by incorrect handling of NULL\ncharacters in X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse fetchmail into\naccepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote\nSMTP server when sending warning mail to the postmaster. If fetchmail\nsent a warning mail to the postmaster of an SMTP server and that SMTP\nserver rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode ('-v -v'), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to\ncause a denial of service if fetchmail was also running in daemon mode\n('-d'). (CVE-2008-2711)\n\nIf fetchmail is running in daemon mode, it must be restarted for this\nupdate to take effect (use the 'fetchmail --quit' command to stop the\nfetchmail process).\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0909&L=scientific-linux-errata&T=0&P=329\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40f1306b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(20, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"fetchmail-6.2.5-6.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:39:40", "description": "From Red Hat Security Advisory 2009:1427 :\n\nAn updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:fetchmail", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/67920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1427 and \n# Oracle Linux Security Advisory ELSA-2009-1427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67920);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\", \"CVE-2008-2711\", \"CVE-2009-2666\");\n script_bugtraq_id(25495, 29705);\n script_xref(name:\"RHSA\", value:\"2009:1427\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1427 :\n\nAn updated fetchmail package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFetchmail is a remote mail retrieval and forwarding utility intended\nfor use over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously\npublished 'null prefix attack', caused by incorrect handling of NULL\ncharacters in X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse fetchmail into\naccepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote\nSMTP server when sending warning mail to the postmaster. If fetchmail\nsent a warning mail to the postmaster of an SMTP server and that SMTP\nserver rejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode ('-v -v'), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to\ncause a denial of service if fetchmail was also running in daemon mode\n('-d'). (CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the\nfetchmail '--sslcertck' option be used to enforce strict SSL\ncertificate checking.\n\nAll fetchmail users should upgrade to this updated package, which\ncontains backported patches to correct these issues. If fetchmail is\nrunning in daemon mode, it must be restarted for this update to take\neffect (use the 'fetchmail --quit' command to stop the fetchmail\nprocess).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001143.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"fetchmail-6.2.0-3.el3.5\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"fetchmail-6.2.5-6.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"fetchmail-6.3.6-1.1.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:19", "description": "A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed message with long headers. The crash only occured when fetchmail was called in '-v -v' mode (CVE-2008-2711).\n\nThe updated packages have been patched to prevent this issue.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : fetchmail (MDVSA-2008:117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:fetchmail", "p-cpe:/a:mandriva:linux:fetchmail-daemon", "p-cpe:/a:mandriva:linux:fetchmailconf"], "id": "MANDRIVA_MDVSA-2008-117.NASL", "href": "https://www.tenable.com/plugins/nessus/36958", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:117. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36958);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2711\");\n script_bugtraq_id(29705);\n script_xref(name:\"MDVSA\", value:\"2008:117\");\n\n script_name(english:\"Mandriva Linux Security Advisory : fetchmail (MDVSA-2008:117)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in fetchmail was discovered that allowed remote attackers to\ncause a denial of service (crash and persistent mail failure) via a\nmalformed message with long headers. The crash only occured when\nfetchmail was called in '-v -v' mode (CVE-2008-2711).\n\nThe updated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmail-6.3.6-1.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmail-daemon-6.3.6-1.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmailconf-6.3.6-1.3mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmail-6.3.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmail-daemon-6.3.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmailconf-6.3.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"fetchmail-6.3.8-7.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"fetchmail-daemon-6.3.8-7.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"fetchmailconf-6.3.8-7.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:24", "description": "http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-07-02T00:00:00", "type": "nessus", "title": "Fedora 8 : fetchmail-6.3.8-4.fc8 (2008-5800)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-5800.NASL", "href": "https://www.tenable.com/plugins/nessus/33373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5800.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33373);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2711\");\n script_bugtraq_id(29705);\n script_xref(name:\"FEDORA\", value:\"2008-5800\");\n\n script_name(english:\"Fedora 8 : fetchmail-6.3.8-4.fc8 (2008-5800)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451758\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1e6f5c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"fetchmail-6.3.8-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:18", "description": "Matthias Andree reports :\n\n2008-06-24 1.2 also fixed issue in report_complete (reported by Petr Uzel)", "cvss3": {}, "published": "2008-07-02T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- potential crash in -v -v verbose mode (revised patch) (1e8e63c0-478a-11dd-a88d-000ea69a5213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1E8E63C0478A11DDA88D000EA69A5213.NASL", "href": "https://www.tenable.com/plugins/nessus/33374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33374);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2711\");\n\n script_name(english:\"FreeBSD : fetchmail -- potential crash in -v -v verbose mode (revised patch) (1e8e63c0-478a-11dd-a88d-000ea69a5213)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree reports :\n\n2008-06-24 1.2 also fixed issue in report_complete (reported by Petr\nUzel)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.fetchmail.info/fetchmail-SA-2008-01.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/1e8e63c0-478a-11dd-a88d-000ea69a5213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9aef85e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail<6.3.8_7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:15", "description": "New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.", "cvss3": {}, "published": "2008-07-29T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2008-210-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:fetchmail", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2008-210-01.NASL", "href": "https://www.tenable.com/plugins/nessus/33746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-210-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33746);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2711\");\n script_bugtraq_id(29705);\n script_xref(name:\"SSA\", value:\"2008-210-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2008-210-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95e30f29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"3_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"3_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"fetchmail\", pkgver:\"6.3.8\", pkgarch:\"i486\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:03", "description": "http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-07-02T00:00:00", "type": "nessus", "title": "Fedora 9 : fetchmail-6.3.8-7.fc9 (2008-5789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-5789.NASL", "href": "https://www.tenable.com/plugins/nessus/33372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5789.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33372);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2711\");\n script_bugtraq_id(29705);\n script_xref(name:\"FEDORA\", value:\"2008-5789\");\n\n script_name(english:\"Fedora 9 : fetchmail-6.3.8-7.fc9 (2008-5789)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451758\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48e2085e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"fetchmail-6.3.8-7.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:27", "description": "Matthias Andree reports :\n\nGunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation, fetchmail would resize the buffer and fill in further parts of the message, but forget to reinitialize its va_list typed source pointer, thus reading data from a garbage address found on the stack at addresses above the function arguments the caller passed in; usually that would be the caller's stack frame.", "cvss3": {}, "published": "2008-06-24T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- potential crash in -v -v verbose mode (168190df-3e9a-11dd-87bc-000ea69a5213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_168190DF3E9A11DD87BC000EA69A5213.NASL", "href": "https://www.tenable.com/plugins/nessus/33239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33239);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2711\");\n\n script_name(english:\"FreeBSD : fetchmail -- potential crash in -v -v verbose mode (168190df-3e9a-11dd-87bc-000ea69a5213)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree reports :\n\nGunter Nau reported fetchmail crashing on some messages; further\ndebugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic\ndug up that this happened when fetchmail was trying to print, in -v -v\nverbose level, headers exceeding 2048 bytes. In this situation,\nfetchmail would resize the buffer and fill in further parts of the\nmessage, but forget to reinitialize its va_list typed source pointer,\nthus reading data from a garbage address found on the stack at\naddresses above the function arguments the caller passed in; usually\nthat would be the caller's stack frame.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.fetchmail.info/fetchmail-SA-2008-01.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/168190df-3e9a-11dd-87bc-000ea69a5213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ecf4b84b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail<6.3.8_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:39", "description": "If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-09-04T00:00:00", "type": "nessus", "title": "Fedora 10 : fetchmail-6.3.8-9.fc10 (2009-8770)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-8770.NASL", "href": "https://www.tenable.com/plugins/nessus/40863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8770.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40863);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_xref(name:\"FEDORA\", value:\"2009-8770\");\n\n script_name(english:\"Fedora 10 : fetchmail-6.3.8-9.fc10 (2009-8770)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"If fetchmail is running in daemon mode, it must be restarted for this\nupdate to take effect (use the 'fetchmail --quit' command to stop the\nfetchmail process).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=515804\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/028799.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ebeb72d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"fetchmail-6.3.8-9.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:14", "description": "Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-13T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:fetchmail", "p-cpe:/a:canonical:ubuntu_linux:fetchmailconf", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-816-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-816-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40590);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_xref(name:\"USN\", value:\"816-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree discovered that fetchmail did not properly handle\ncertificates with NULL characters in the certificate name. A remote\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/816-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail and / or fetchmailconf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fetchmail\", pkgver:\"6.3.2-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fetchmailconf\", pkgver:\"6.3.2-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"fetchmail\", pkgver:\"6.3.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"fetchmailconf\", pkgver:\"6.3.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"fetchmail\", pkgver:\"6.3.8-11ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"fetchmailconf\", pkgver:\"6.3.8-11ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"fetchmail\", pkgver:\"6.3.9~rc2-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"fetchmailconf\", pkgver:\"6.3.9~rc2-4ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail / fetchmailconf\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:54", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FETCHMAIL-6409.NASL", "href": "https://www.tenable.com/plugins/nessus/41509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41509);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2666.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6409.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"fetchmail-6.3.2-15.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"fetchmail-6.3.2-15.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"fetchmailconf-6.3.2-15.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:02", "description": "Matthias Andree reports :\n\nMoxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates.\n\nApplications that would treat such X.509 strings as NUL-terminated C strings (rather than strings that contain an explicit length field) would only check the part up to and excluding the NUL character, so that certificate names such as www.good.example\\0www.bad.example.com would be mistaken as a certificate name for www.good.example.\nfetchmail also had this design and implementation flaw.", "cvss3": {}, "published": "2009-08-12T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- improper SSL certificate subject verification (5179d85c-8683-11de-91b9-0022157515b2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5179D85C868311DE91B90022157515B2.NASL", "href": "https://www.tenable.com/plugins/nessus/40571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40571);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"FreeBSD : fetchmail -- improper SSL certificate subject verification (5179d85c-8683-11de-91b9-0022157515b2)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree reports :\n\nMoxie Marlinspike demonstrated in July 2009 that some CAs would sign\ncertificates that contain embedded NUL characters in the Common Name\nor subjectAltName fields of ITU-T X.509 certificates.\n\nApplications that would treat such X.509 strings as NUL-terminated C\nstrings (rather than strings that contain an explicit length field)\nwould only check the part up to and excluding the NUL character, so\nthat certificate names such as www.good.example\\0www.bad.example.com\nwould be mistaken as a certificate name for www.good.example.\nfetchmail also had this design and implementation flaw.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.fetchmail.info/fetchmail-SA-2009-01.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0278d4a8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail<6.3.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:17", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : fetchmail (fetchmail-6410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fetchmail", "p-cpe:/a:novell:opensuse:fetchmailconf", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_FETCHMAIL-6410.NASL", "href": "https://www.tenable.com/plugins/nessus/41998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fetchmail-6410.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41998);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"openSUSE 10 Security Update : fetchmail (fetchmail-6410)\");\n script_summary(english:\"Check for the fetchmail-6410 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"fetchmail-6.3.8-57.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"fetchmailconf-6.3.8-57.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:41", "description": "If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-09-04T00:00:00", "type": "nessus", "title": "Fedora 11 : fetchmail-6.3.9-5.fc11 (2009-8780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8780.NASL", "href": "https://www.tenable.com/plugins/nessus/40864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8780.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40864);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_xref(name:\"FEDORA\", value:\"2009-8780\");\n\n script_name(english:\"Fedora 11 : fetchmail-6.3.9-5.fc11 (2009-8780)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"If fetchmail is running in daemon mode, it must be restarted for this\nupdate to take effect (use the 'fetchmail --quit' command to stop the\nfetchmail process).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=515804\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/028780.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96d965d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"fetchmail-6.3.9-5.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:28", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-08-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : fetchmail (fetchmail-1179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fetchmail", "p-cpe:/a:novell:opensuse:fetchmailconf", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_FETCHMAIL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/40574", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fetchmail-1179.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40574);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"openSUSE Security Update : fetchmail (fetchmail-1179)\");\n script_summary(english:\"Check for the fetchmail-1179 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528746\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"fetchmail-6.3.8.90-12.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"fetchmailconf-6.3.8.90-12.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:33", "description": "New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.", "cvss3": {}, "published": "2009-08-07T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2009-218-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:fetchmail", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2009-218-01.NASL", "href": "https://www.tenable.com/plugins/nessus/40503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-218-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40503);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_bugtraq_id(35888);\n script_xref(name:\"SSA\", value:\"2009-218-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2009-218-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New fetchmail packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix\nsecurity issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c0b8ddd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"fetchmail\", pkgver:\"6.3.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:56", "description": "It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the 'Null Prefix Attacks Against SSL/TLS Certificates' recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields.\n\nNote, as a fetchmail user you should always use strict certificate validation through either these option combinations: sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports) or sslcertck sslproto tls1 (for STARTTLS-based services)", "cvss3": {}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1852-1 : fetchmail - insufficient input validation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:fetchmail", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1852.NASL", "href": "https://www.tenable.com/plugins/nessus/44717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1852. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44717);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_xref(name:\"DSA\", value:\"1852\");\n\n script_name(english:\"Debian DSA-1852-1 : fetchmail - insufficient input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that fetchmail, a full-featured remote mail\nretrieval and forwarding utility, is vulnerable to the 'Null Prefix\nAttacks Against SSL/TLS Certificates' recently published at the\nBlackhat conference. This allows an attacker to perform undetected\nman-in-the-middle attacks via a crafted ITU-T X.509 certificate with\nan injected null byte in the subjectAltName or Common Name fields.\n\nNote, as a fetchmail user you should always use strict certificate\nvalidation through either these option combinations: sslcertck ssl\nsslproto ssl3 (for service on SSL-wrapped ports) or sslcertck sslproto\ntls1 (for STARTTLS-based services)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1852\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the fetchmail packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fetchmail\", reference:\"6.3.6-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"fetchmailconf\", reference:\"6.3.6-1etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"fetchmail\", reference:\"6.3.9~rc2-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"fetchmailconf\", reference:\"6.3.9~rc2-4+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:02", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-08-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : fetchmail (fetchmail-1179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fetchmail", "p-cpe:/a:novell:opensuse:fetchmailconf", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_FETCHMAIL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/40572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fetchmail-1179.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40572);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"openSUSE Security Update : fetchmail (fetchmail-1179)\");\n script_summary(english:\"Check for the fetchmail-1179 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528746\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"fetchmail-6.3.8-134.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"fetchmailconf-6.3.8-134.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : fetchmail (YOU Patch Number 12468)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12468.NASL", "href": "https://www.tenable.com/plugins/nessus/41318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41318);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"SuSE9 Security Update : fetchmail (YOU Patch Number 12468)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2666.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12468.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"fetchmail-6.2.5-49.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"fetchmailconf-6.2.5-49.19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:35", "description": "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \\0-character in the certificate's subject name. (CVE-2009-2666)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : fetchmail (SAT Patch Number 1171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:fetchmail", "p-cpe:/a:novell:suse_linux:11:fetchmailconf", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FETCHMAIL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/41387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41387);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2666\");\n\n script_name(english:\"SuSE 11 Security Update : fetchmail (SAT Patch Number 1171)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fetchmail improves SSL certificate validation to stop\npossible man-in-the-middle attacks by inserting \\0-character in the\ncertificate's subject name. (CVE-2009-2666)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2666.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1171.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"fetchmail-6.3.8.90-13.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"fetchmail-6.3.8.90-13.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"fetchmail-6.3.8.90-13.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"fetchmailconf-6.3.8.90-13.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:26:56", "description": "- Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.6-3\n\n - Fix license\n\n - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260881\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-09-05T00:00:00", "type": "nessus", "title": "Fedora Core 6 : fetchmail-6.3.6-3.fc6 (2007-689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "p-cpe:/a:fedoraproject:fedora:fetchmail-debuginfo", "cpe:/o:fedoraproject:fedora_core:6"], "id": "FEDORA_2007-689.NASL", "href": "https://www.tenable.com/plugins/nessus/25979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-689.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25979);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-689\");\n\n script_name(english:\"Fedora Core 6 : fetchmail-6.3.6-3.fc6 (2007-689)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at\n redhat.com> - 6.3.6-3\n\n - Fix license\n\n - Fix fetchmail NULL pointer dereference (CVE-2007-4565)\n Resolves: #260881\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003624.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?759504ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail and / or fetchmail-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"fetchmail-6.3.6-3.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"fetchmail-debuginfo-6.3.6-3.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail / fetchmail-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:35", "description": "This update fixes a remote denial-of-service attack. (CVE-2007-4565)", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : fetchmail (ZYPP Patch Number 4462)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FETCHMAIL-4462.NASL", "href": "https://www.tenable.com/plugins/nessus/29426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29426);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\");\n\n script_name(english:\"SuSE 10 Security Update : fetchmail (ZYPP Patch Number 4462)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a remote denial-of-service attack. (CVE-2007-4565)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4565.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4462.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"fetchmail-6.3.2-15.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"fetchmail-6.3.2-15.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"fetchmailconf-6.3.2-15.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:20", "description": "- Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.7-2\n\n - Fix license\n\n - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260861\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-06T00:00:00", "type": "nessus", "title": "Fedora 7 : fetchmail-6.3.7-2.fc7 (2007-1983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:fetchmail", "p-cpe:/a:fedoraproject:fedora:fetchmail-debuginfo", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2007-1983.NASL", "href": "https://www.tenable.com/plugins/nessus/27742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-1983.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27742);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-4565\");\n script_xref(name:\"FEDORA\", value:\"2007-1983\");\n\n script_name(english:\"Fedora 7 : fetchmail-6.3.7-2.fc7 (2007-1983)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at\n redhat.com> - 6.3.7-2\n\n - Fix license\n\n - Fix fetchmail NULL pointer dereference (CVE-2007-4565)\n Resolves: #260861\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?902e2444\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail and / or fetchmail-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fetchmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"fetchmail-6.3.7-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"fetchmail-debuginfo-6.3.7-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail / fetchmail-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:03", "description": "This update fixes a remote denial-of-service attack. (CVE-2007-4565)", "cvss3": {}, "published": "2007-10-25T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : fetchmail (fetchmail-4490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fetchmail", "p-cpe:/a:novell:opensuse:fetchmailconf", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_FETCHMAIL-4490.NASL", "href": "https://www.tenable.com/plugins/nessus/27572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fetchmail-4490.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27572);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\");\n\n script_name(english:\"openSUSE 10 Security Update : fetchmail (fetchmail-4490)\");\n script_summary(english:\"Check for the fetchmail-4490 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a remote denial-of-service attack. (CVE-2007-4565)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"fetchmail-6.3.2-15.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"fetchmailconf-6.3.2-15.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"fetchmail-6.3.5-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"fetchmailconf-6.3.5-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"fetchmail-6.3.8-57.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"fetchmailconf-6.3.8-57.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:31", "description": "Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.", "cvss3": {}, "published": "2007-09-24T00:00:00", "type": "nessus", "title": "Debian DSA-1377-2 : fetchmail - NULL pointer dereference", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:fetchmail", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/26080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1377. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26080);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4565\");\n script_bugtraq_id(25495);\n script_xref(name:\"DSA\", value:\"1377\");\n\n script_name(english:\"Debian DSA-1377-2 : fetchmail - NULL pointer dereference\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP\nand IMAP mail gatherer/forwarder, can under certain circumstances\nattempt to dereference a NULL pointer and crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1377\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the fetchmail package.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fetchmail\", reference:\"6.3.6-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"fetchmailconf\", reference:\"6.3.6-1etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:19", "description": "Matthias Andree reports :\n\nfetchmail will generate warning messages in certain circumstances (for instance, when leaving oversized messages on the server or login to the upstream fails) and send them to the local postmaster or the user running it.\n\nIf this warning message is then refused by the SMTP listener that fetchmail is forwarding the message to, fetchmail crashes and does not collect further messages until it is restarted.", "cvss3": {}, "published": "2007-09-05T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- denial of service on reject of local warning message (45500f74-5947-11dc-87c1-000e2e5785ad)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_45500F74594711DC87C1000E2E5785AD.NASL", "href": "https://www.tenable.com/plugins/nessus/25981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25981);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4565\");\n\n script_name(english:\"FreeBSD : fetchmail -- denial of service on reject of local warning message (45500f74-5947-11dc-87c1-000e2e5785ad)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthias Andree reports :\n\nfetchmail will generate warning messages in certain circumstances (for\ninstance, when leaving oversized messages on the server or login to\nthe upstream fails) and send them to the local postmaster or the user\nrunning it.\n\nIf this warning message is then refused by the SMTP listener that\nfetchmail is forwarding the message to, fetchmail crashes and does not\ncollect further messages until it is restarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.fetchmail.info/fetchmail-SA-2007-02.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/45500f74-5947-11dc-87c1-000e2e5785ad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab6e4e30\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail>=4.6.8<6.3.8_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:20", "description": "A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service.\n\nUpdated packages have been patched to prevent these issues.", "cvss3": {}, "published": "2007-09-14T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:fetchmail", "p-cpe:/a:mandriva:linux:fetchmail-daemon", "p-cpe:/a:mandriva:linux:fetchmailconf", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1"], "id": "MANDRAKE_MDKSA-2007-179.NASL", "href": "https://www.tenable.com/plugins/nessus/26046", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:179. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26046);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4565\");\n script_xref(name:\"MDKSA\", value:\"2007:179\");\n\n script_name(english:\"Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in fetchmail was found where it could crash when\nattempting to deliver an internal warning or error message through an\nuntrusted or compromised SMTP server, leading to a denial of service.\n\nUpdated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"fetchmail-6.3.4-3.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"fetchmail-daemon-6.3.4-3.3mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"fetchmailconf-6.3.4-3.3mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmail-6.3.6-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmail-daemon-6.3.6-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"fetchmailconf-6.3.6-1.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:46", "description": "This update fixes a remote denial-of-service attack. (CVE-2007-4565)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : fetchmail (YOU Patch Number 11814)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11814.NASL", "href": "https://www.tenable.com/plugins/nessus/41154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41154);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4565\");\n\n script_name(english:\"SuSE9 Security Update : fetchmail (YOU Patch Number 11814)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update fixes a remote denial-of-service attack. (CVE-2007-4565)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4565.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11814.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"fetchmail-6.2.5-49.17\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"fetchmailconf-6.2.5-49.17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:22", "description": "Matthias Andree reports :\n\nWhen a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation.", "cvss3": {}, "published": "2021-07-30T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- 6.4.19 and older denial of service or information disclosure (cbfd1874-efea-11eb-8fe9-036bd763ff35)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2711", "CVE-2021-36386"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CBFD1874EFEA11EB8FE9036BD763FF35.NASL", "href": "https://www.tenable.com/plugins/nessus/152150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(152150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\"CVE-2008-2711\", \"CVE-2021-36386\");\n\n script_name(english:\"FreeBSD : fetchmail -- 6.4.19 and older denial of service or information disclosure (cbfd1874-efea-11eb-8fe9-036bd763ff35)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Matthias Andree reports :\n\nWhen a log message exceeds c. 2 kByte in size, for instance, with very\nlong header contents, and depending on verbosity option, fetchmail can\ncrash or misreport each first log message that requires a buffer\nreallocation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/fetchmail/mailman/message/37327392/\"\n );\n # https://vuxml.freebsd.org/freebsd/cbfd1874-efea-11eb-8fe9-036bd763ff35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37ccbbb8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36386\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail<6.3.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail>=6.3.17<6.4.20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:20", "description": "A vulnerability has been found and corrected in fetchmail :\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a '' (NUL) character in a domain name in the subject's Common Name (CN) and subjectAlt(ernative)Name fields of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "cvss3": {}, "published": "2009-08-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2666"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:fetchmail", "p-cpe:/a:mandriva:linux:fetchmail-daemon", "p-cpe:/a:mandriva:linux:fetchmailconf", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-201.NASL", "href": "https://www.tenable.com/plugins/nessus/40585", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:201. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40585);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2666\");\n script_xref(name:\"MDVSA\", value:\"2009:201-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in fetchmail :\n\nsocket.c in fetchmail before 6.3.11 does not properly handle a ''\n(NUL) character in a domain name in the subject's Common Name (CN) and\nsubjectAlt(ernative)Name fields of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority, a\nrelated issue to CVE-2009-2408 (CVE-2009-2666).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmail-6.3.8-4.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmail-daemon-6.3.8-4.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"fetchmailconf-6.3.8-4.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:48:16", "description": "The remote host is affected by the vulnerability described in GLSA-201006-12 (Fetchmail: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in Fetchmail:\n The sdump() function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certificate (CVE-2010-0562).\n The vendor reported that Fetchmail does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666).\n Impact :\n\n A remote attacker could entice a user to connect with Fetchmail to a specially crafted SSL-enabled server in verbose mode, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. NOTE: The issue is only existent on platforms on which char is signed.\n Furthermore, a remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Fetchmail.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2010-06-02T00:00:00", "type": "nessus", "title": "GLSA-201006-12 : Fetchmail: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2010-0562"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:fetchmail", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201006-12.NASL", "href": "https://www.tenable.com/plugins/nessus/46779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201006-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46779);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2666\", \"CVE-2010-0562\");\n script_bugtraq_id(38088);\n script_xref(name:\"GLSA\", value:\"201006-12\");\n\n script_name(english:\"GLSA-201006-12 : Fetchmail: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201006-12\n(Fetchmail: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in Fetchmail:\n The sdump() function might trigger a heap-based buffer overflow\n during the escaping of non-printable characters with the high bit set\n from an X.509 certificate (CVE-2010-0562).\n The vendor reported\n that Fetchmail does not properly handle Common Name (CN) fields in\n X.509 certificates that contain an ASCII NUL character. Specifically,\n the processing of such fields is stopped at the first occurrence of a\n NUL character. This type of vulnerability was recently discovered by\n Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666).\n \nImpact :\n\n A remote attacker could entice a user to connect with Fetchmail to a\n specially crafted SSL-enabled server in verbose mode, possibly\n resulting in the execution of arbitrary code with the privileges of the\n user running the application. NOTE: The issue is only existent on\n platforms on which char is signed.\n Furthermore, a remote attacker might employ a specially crafted X.509\n certificate, containing a NUL character in the Common Name field to\n conduct man-in-the-middle attacks on SSL connections made using\n Fetchmail.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201006-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Fetchmail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/fetchmail-6.3.14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-mail/fetchmail\", unaffected:make_list(\"ge 6.3.14\"), vulnerable:make_list(\"lt 6.3.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Fetchmail\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:25", "description": "Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. (CVE-2007-1558)\n\nEarl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service. (CVE-2007-4565).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1558", "CVE-2007-4565"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:fetchmail", "p-cpe:/a:canonical:ubuntu_linux:fetchmailconf", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04"], "id": "UBUNTU_USN-520-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28125", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-520-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28125);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1558\", \"CVE-2007-4565\");\n script_xref(name:\"USN\", value:\"520-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gaetan Leurent discovered a vulnerability in the APOP protocol based\non MD5 collisions. As fetchmail supports the APOP protocol, this\nvulnerability can be used by attackers to discover a portion of the\nAPOP user's authentication credentials. (CVE-2007-1558)\n\nEarl Chew discovered that fetchmail can be made to de-reference a NULL\npointer when contacting SMTP servers. This vulnerability can be used\nby attackers who control the SMTP server to crash fetchmail and cause\na denial of service. (CVE-2007-4565).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/520-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fetchmail and / or fetchmailconf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fetchmail\", pkgver:\"6.3.2-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fetchmailconf\", pkgver:\"6.3.2-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fetchmail\", pkgver:\"6.3.4-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fetchmailconf\", pkgver:\"6.3.4-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fetchmail\", pkgver:\"6.3.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fetchmailconf\", pkgver:\"6.3.6-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail / fetchmailconf\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:48", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apple Pixlet Video\n - CarbonCore\n - CFNetwork\n - Certificate Assistant\n - ClamAV\n - CoreText\n - CUPS\n - DS Tools\n - fetchmail\n - Folder Manager\n - FSEvents\n - Network Time\n - perl\n - Printing\n - python\n - Remote Apple Events\n - Safari RSS\n - servermgrd\n - SMB\n - SquirrelMail\n - X11\n - XTerm", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2009-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667", "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887", "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144", "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183", "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013", "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019", "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140", "CVE-2009-0141", "CVE-2009-0142"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2009-001.NASL", "href": "https://www.tenable.com/plugins/nessus/35684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35684);\n script_version(\"1.32\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2006-3467\", \"CVE-2007-1351\", \"CVE-2007-1352\", \"CVE-2007-1667\",\n \"CVE-2007-4565\", \"CVE-2007-4965\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-1679\",\n \"CVE-2008-1721\", \"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\", \"CVE-2008-1887\",\n \"CVE-2008-1927\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-2360\", \"CVE-2008-2361\",\n \"CVE-2008-2362\", \"CVE-2008-2379\", \"CVE-2008-2711\", \"CVE-2008-3142\", \"CVE-2008-3144\",\n \"CVE-2008-3663\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-5050\", \"CVE-2008-5183\",\n \"CVE-2008-5314\", \"CVE-2009-0009\", \"CVE-2009-0011\", \"CVE-2009-0012\", \"CVE-2009-0013\",\n \"CVE-2009-0014\", \"CVE-2009-0015\", \"CVE-2009-0017\", \"CVE-2009-0018\", \"CVE-2009-0019\",\n \"CVE-2009-0020\", \"CVE-2009-0137\", \"CVE-2009-0138\", \"CVE-2009-0139\", \"CVE-2009-0140\",\n \"CVE-2009-0141\", \"CVE-2009-0142\");\n script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,\n 33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,\n 33813, 33814, 33815, 33816, 33820, 33821);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)\");\n script_summary(english:\"Check for the presence of Security Update 2009-001\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have Security Update 2009-001 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apple Pixlet Video\n - CarbonCore\n - CFNetwork\n - Certificate Assistant\n - ClamAV\n - CoreText\n - CUPS\n - DS Tools\n - fetchmail\n - Folder Manager\n - FSEvents\n - Network Time\n - perl\n - Printing\n - python\n - Remote Apple Events\n - Safari RSS\n - servermgrd\n - SMB\n - SquirrelMail\n - X11\n - XTerm\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/ht3438\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\"\n );\n script_set_attribute( attribute:\"solution\", value:\n \"Install Security Update 2009-001 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/02/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n#\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\n if (egrep(pattern:\"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)\", string:packages))\n exit(0, \"The host has Security Update 2009-001 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-6]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2009\\.00[1-9]|20[1-9][0-9]\\.[0-9]+)\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2009-001 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:03", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2.\n\nMac OS X 10.6.2 contains security fixes for the following products :\n\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - Certificate Assistant\n - CoreMedia\n - CUPS\n - Dovecot\n - fetchmail\n - file\n - FTP Server\n - Help Viewer\n - ImageIO\n - IOKit\n - IPSec\n - Kernel\n - Launch Services\n - libsecurity\n - libxml\n - Login Window\n - OpenLDAP\n - QuickDraw Manager\n - QuickTime\n - Screen Sharing\n - Subversion", "cvss3": {}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2202", "CVE-2009-2203", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2798", "CVE-2009-2799", "CVE-2009-2808", "CVE-2009-2810", "CVE-2009-2818", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2825", "CVE-2009-2830", "CVE-2009-2832", "CVE-2009-2834", "CVE-2009-2835", "CVE-2009-2836", "CVE-2009-2837", "CVE-2009-2839", "CVE-2009-3235"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_2.NASL", "href": "https://www.tenable.com/plugins/nessus/42434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42434);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n \"CVE-2009-1574\",\n \"CVE-2009-1632\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\",\n \"CVE-2009-2202\",\n \"CVE-2009-2203\",\n \"CVE-2009-2285\",\n \"CVE-2009-2408\",\n \"CVE-2009-2409\",\n \"CVE-2009-2411\",\n \"CVE-2009-2412\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2666\",\n \"CVE-2009-2798\",\n \"CVE-2009-2799\",\n \"CVE-2009-2808\",\n \"CVE-2009-2810\",\n \"CVE-2009-2818\",\n \"CVE-2009-2820\",\n \"CVE-2009-2823\",\n \"CVE-2009-2825\",\n \"CVE-2009-2830\",\n \"CVE-2009-2832\",\n \"CVE-2009-2834\",\n \"CVE-2009-2835\",\n \"CVE-2009-2836\",\n \"CVE-2009-2837\",\n \"CVE-2009-2839\",\n \"CVE-2009-3235\"\n );\n script_bugtraq_id(\n 34663,\n 35115,\n 35221,\n 35251,\n 35451,\n 35565,\n 35623,\n 35888,\n 35983,\n 36328,\n 36377,\n 36963,\n 36964,\n 36974,\n 36975,\n 36977,\n 36979,\n 36983,\n 36984,\n 36985,\n 36987,\n 36990\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.2.\n\nMac OS X 10.6.2 contains security fixes for the following products :\n\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - Certificate Assistant\n - CoreMedia\n - CUPS\n - Dovecot\n - fetchmail\n - file\n - FTP Server\n - Help Viewer\n - ImageIO\n - IOKit\n - IPSec\n - Kernel\n - Launch Services\n - libsecurity\n - libxml\n - Login Window\n - OpenLDAP\n - QuickDraw Manager\n - QuickTime\n - Screen Sharing\n - Subversion\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3937\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18255\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.2 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 119, 189, 264, 310, 362, 399);\n script_set_attribute(\n attribute:\"vuln_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n c = get_kb_item(\"Host/OS/Confidence\");\n if ( isnull(os) || c <= 70 ) exit(0);\n}\nif (!os) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[01]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:39", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Client\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - ATS\n - Certificate Assistant\n - CoreGraphics\n - CUPS\n - Dictionary\n - DirectoryService\n - Disk Images\n - Event Monitor\n - fetchmail\n - FTP Server\n - Help Viewer\n - International Components for Unicode\n - IOKit\n - IPSec\n - libsecurity\n - libxml\n - OpenLDAP\n - OpenSSH\n - PHP\n - QuickDraw Manager\n - QuickLook\n - FreeRADIUS\n - Screen Sharing\n - Spotlight\n - Subversion", "cvss3": {}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2009-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2009-006.NASL", "href": "https://www.tenable.com/plugins/nessus/42433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42433);\n script_version(\"1.27\");\n\n script_cve_id(\n \"CVE-2007-5707\",\n \"CVE-2007-6698\",\n \"CVE-2008-0658\",\n \"CVE-2008-5161\",\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n \"CVE-2009-1574\",\n \"CVE-2009-1632\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\",\n \"CVE-2009-2408\",\n \"CVE-2009-2409\",\n \"CVE-2009-2411\",\n \"CVE-2009-2412\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2666\",\n \"CVE-2009-2808\",\n \"CVE-2009-2818\",\n \"CVE-2009-2819\",\n \"CVE-2009-2820\",\n \"CVE-2009-2823\",\n \"CVE-2009-2824\",\n \"CVE-2009-2825\",\n \"CVE-2009-2826\",\n \"CVE-2009-2827\",\n \"CVE-2009-2828\",\n \"CVE-2009-2829\",\n \"CVE-2009-2831\",\n \"CVE-2009-2832\",\n \"CVE-2009-2833\",\n \"CVE-2009-2834\",\n \"CVE-2009-2837\",\n \"CVE-2009-2838\",\n \"CVE-2009-2839\",\n \"CVE-2009-2840\",\n \"CVE-2009-3111\",\n \"CVE-2009-3291\",\n \"CVE-2009-3292\",\n \"CVE-2009-3293\"\n );\n script_bugtraq_id(\n 26245,\n 27778,\n 34663,\n 35115,\n 35221,\n 35251,\n 35565,\n 35623,\n 35888,\n 35983,\n 36263,\n 36449,\n 36959,\n 36961,\n 36962,\n 36963,\n 36964,\n 36966,\n 36967,\n 36972,\n 36973,\n 36975,\n 36977,\n 36978,\n 36979,\n 36982,\n 36985,\n 36988,\n 36990\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)\");\n script_summary(english:\"Check for the presence of Security Update 2009-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2009-006 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Client\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - ATS\n - Certificate Assistant\n - CoreGraphics\n - CUPS\n - Dictionary\n - DirectoryService\n - Disk Images\n - Event Monitor\n - fetchmail\n - FTP Server\n - Help Viewer\n - International Components for Unicode\n - IOKit\n - IPSec\n - libsecurity\n - libxml\n - OpenLDAP\n - OpenSSH\n - PHP\n - QuickDraw Manager\n - QuickLook\n - FreeRADIUS\n - Screen Sharing\n - Spotlight\n - Subversion\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3937\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18255\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2009-006 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^(9\\.[0-8]\\.)\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2009\\.00[6-9]|20[1-9][0-9]\\.[0-9]+)\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2009-006 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2023-05-31T16:17:11", "description": "**CentOS Errata and Security Advisory** CESA-2009:1427\n\n\nFetchmail is a remote mail retrieval and forwarding utility intended for\nuse over on-demand TCP/IP links, such as SLIP and PPP connections.\n\nIt was discovered that fetchmail is affected by the previously published\n\"null prefix attack\", caused by incorrect handling of NULL characters in\nX.509 certificates. If an attacker is able to get a carefully-crafted\ncertificate signed by a trusted Certificate Authority, the attacker could\nuse the certificate during a man-in-the-middle attack and potentially\nconfuse fetchmail into accepting it by mistake. (CVE-2009-2666)\n\nA flaw was found in the way fetchmail handles rejections from a remote SMTP\nserver when sending warning mail to the postmaster. If fetchmail sent a\nwarning mail to the postmaster of an SMTP server and that SMTP server\nrejected it, fetchmail could crash. (CVE-2007-4565)\n\nA flaw was found in fetchmail. When fetchmail is run in double verbose\nmode (\"-v -v\"), it could crash upon receiving certain, malformed mail\nmessages with long headers. A remote attacker could use this flaw to cause\na denial of service if fetchmail was also running in daemon mode (\"-d\").\n(CVE-2008-2711)\n\nNote: when using SSL-enabled services, it is recommended that the fetchmail\n\"--sslcertck\" option be used to enforce strict SSL certificate checking.\n\nAll fetchmail users should upgrade to this updated package, which contains\nbackported patches to correct these issues. If fetchmail is running in\ndaemon mode, it must be restarted for this update to take effect (use the\n\"fetchmail --quit\" command to stop the fetchmail process).\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/065701.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-October/065702.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065600.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065601.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065602.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065603.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065634.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-September/065635.html\n\n**Affected packages:**\nfetchmail\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:1427", "cvss3": {}, "published": "2009-09-08T17:07:54", "type": "centos", "title": "fetchmail security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711", "CVE-2009-2666"], "modified": "2009-10-30T14:43:49", "id": "CESA-2009:1427", "href": "https://lists.centos.org/pipermail/centos-announce/2009-September/065600.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "altlinux": [{"lastseen": "2023-03-31T19:18:53", "description": "Dec. 1, 2008 Afanasov Dmitry 6.3.9-alt1\n \n \n - 6.3.9\n + CVE-2007-4565: Denial of service\n + CVE-2008-2711: Denial of service\n + close memory leak when SSL connection fails\n and other\n - remove obsolete update_menus/clean_menus macroses\n", "cvss3": {}, "published": "2008-12-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 5 package fetchmail version 6.3.9-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711"], "modified": "2008-12-01T00:00:00", "id": "A19360BE5805149A573145A2DF7B635A", "href": "https://packages.altlinux.org/en/p5/srpms/fetchmail/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-31T19:19:53", "description": "Dec. 1, 2008 Afanasov Dmitry 6.3.9-alt1\n \n \n - 6.3.9\n + CVE-2007-4565: Denial of service\n + CVE-2008-2711: Denial of service\n + close memory leak when SSL connection fails\n and other\n - remove obsolete update_menus/clean_menus macroses\n", "cvss3": {}, "published": "2008-12-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package fetchmail version 6.3.9-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711"], "modified": "2008-12-01T00:00:00", "id": "EA3CF5A171C000543432997BE8A06462", "href": "https://packages.altlinux.org/en/p6/srpms/fetchmail/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-31T19:18:53", "description": "Jan. 1, 2010 Afanasov Dmitry 6.3.13-alt1\n \n \n - 6.3.13\n + new \"softbounce\" global option;\n + CVE-2009-2666: improper SSL/TLS X.509 certificates validation (fixed\n in 6.3.11);\n + translation updates;\n see NEWS for details.\n", "cvss3": {}, "published": "2010-01-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 5 package fetchmail version 6.3.13-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2010-01-01T00:00:00", "id": "DF91269CD3A9976BE355F37CE9A8DC69", "href": "https://packages.altlinux.org/en/p5/srpms/fetchmail/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-31T19:19:52", "description": "Jan. 1, 2010 Afanasov Dmitry 6.3.13-alt1\n \n \n - 6.3.13\n + new \"softbounce\" global option;\n + CVE-2009-2666: improper SSL/TLS X.509 certificates validation (fixed\n in 6.3.11);\n + translation updates;\n see NEWS for details.\n", "cvss3": {}, "published": "2010-01-01T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package fetchmail version 6.3.13-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2010-01-01T00:00:00", "id": "A479F28BA82F30723CE8029B52A89B54", "href": "https://packages.altlinux.org/en/p6/srpms/fetchmail/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-31T19:18:53", "description": "Sept. 5, 2007 Michael Shigorin 6.3.8-alt4\n \n \n - added patch from fetchmail-SA-2007-02 fixing CVE-2007-4565:\n NULL pointer dereference trigged by outside circumstances\n", "cvss3": {}, "published": "2007-09-05T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 5 package fetchmail version 6.3.8-alt4", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-05T00:00:00", "id": "16B72590C134C7EA6CB868CB2D619469", "href": "https://packages.altlinux.org/en/p5/srpms/fetchmail/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-31T19:19:53", "description": "Sept. 5, 2007 Michael Shigorin 6.3.8-alt4\n \n \n - added patch from fetchmail-SA-2007-02 fixing CVE-2007-4565:\n NULL pointer dereference trigged by outside circumstances\n", "cvss3": {}, "published": "2007-09-05T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package fetchmail version 6.3.8-alt4", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-05T00:00:00", "id": "406DCD60A0E94A77AF44200ABD7B468F", "href": "https://packages.altlinux.org/en/p6/srpms/fetchmail/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:30", "description": "NULL pointer dereference, uninitialized pointer dereference.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "securityvulns", "title": "fetchmail multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-4565", "CVE-2008-2711"], "modified": "2008-06-17T00:00:00", "id": "SECURITYVULNS:VULN:9095", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9095", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "description": "fetchmail-SA-2008-01: Crash on large log messages in verbose mode\r\n\r\nTopics: Crash in large log messages in verbose mode.\r\n\r\nAuthor: Matthias Andree\r\nVersion: 1.0\r\nAnnounced: 2008-06-17\r\nType: Dereferencing garbage pointer trigged by outside circumstances\r\nImpact: denial of service possible\r\nDanger: low\r\nCVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)\r\n\r\nCredits: Petr Uzel (fix), Petr Cerny (analysis), Gunter Nau (bug report)\r\nCVE Name: CVE-2008-2711\r\nURL: http://www.fetchmail.info/fetchmail-SA-2008-01.txt\r\nProject URL: http://www.fetchmail.info/\r\n\r\nAffects: fetchmail release < 6.3.9 exclusively\r\n\r\nNot affected: fetchmail release 6.3.9 and newer\r\n systems without varargs (stdargs.h) support.\r\n\r\nCorrected: 2008-06-13 fetchmail SVN (rev 5193)\r\n\r\nReferences: <https://bugzilla.novell.com/show_bug.cgi?id=354291>\r\n <http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824>\r\n\r\n\r\n0. Release history\r\n==================\r\n\r\n2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN,\r\n posted to oss-security)\r\n2008-06-17 1.0 published on http://www.fetchmail.info/\r\n\r\n\r\n1. Background\r\n=============\r\n\r\nfetchmail is a software package to retrieve mail from remote POP2, POP3,\r\nIMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or\r\nmessage delivery agents.\r\n\r\nfetchmail ships with a graphical, Python/Tkinter based configuration\r\nutility named "fetchmailconf" to help the user create configuration (run\r\ncontrol) files for fetchmail.\r\n\r\n\r\n2. Problem description and Impact\r\n=================================\r\n\r\nGunter Nau reported fetchmail crashing on some messages; further\r\ndebugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic\r\ndug up that this happened when fetchmail was trying to print, in -v -v\r\nverbose level, headers exceeding 2048 bytes. In this situation,\r\nfetchmail would resize the buffer and fill in further parts of the\r\nmessage, but forget to reinitialize its va_list typed source pointer,\r\nthus reading data from a garbage address found on the stack at\r\naddresses above the function arguments the caller passed in; usually\r\nthat would be the caller's stack frame.\r\n\r\nIt is unknown whether code can be injected remotely, but given that\r\nthe segmentation fault is caused by read accesses, the relevant data\r\nis not under the remote attacker's control and no buffer overrun\r\nsituation is present that would allow altering program /flow/, it is\r\ndeemed rather unlikely that code can be injected.\r\n\r\nNote that the required -vv configuration at hand is both non-default\r\nand also not common in automated (cron job) setups, but usually used\r\nin manual debugging, so not many systems would be affected by the\r\nproblem. Nonetheless, in vulnerable configurations, it is remotely\r\nexploitable to effect a denial of service attack.\r\n\r\n\r\n\r\n3. Solution\r\n===========\r\n\r\nThere are two alternatives, either of them by itself is sufficient:\r\n\r\na. Apply the patch found in section B of this announcement to\r\n fetchmail 6.3.8, recompile and reinstall it.\r\n\r\nb. Install fetchmail 6.3.9 or newer after it will have become available.\r\n The fetchmail source code is always available from\r\n <http://developer.berlios.de/project/showfiles.php?group_id=1824>.\r\n\r\n\r\n4. Workaround\r\n=============\r\n\r\nRun fetchmail at low verbosity, avoid using two or three -v arguments;\r\ninternal messages are short and do not contain external message\r\nsources so they do not cause buffer resizing. It is recommended to\r\nreplace the vulnerable code by a fixed version (see previous\r\nsection 3. Solution) as soon as reasonably possible.\r\n\r\n\r\nA. Copyright, License and Warranty\r\n==================================\r\n\r\n(C) Copyright 2008 by Matthias Andree, <matthias.andree@gmx.de>.\r\nSome rights reserved.\r\n\r\nThis work is licensed under the Creative Commons\r\nAttribution-NonCommercial-NoDerivs German License. To view a copy of\r\nthis license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/\r\nor send a letter to Creative Commons; 559 Nathan Abbott Way;\r\nStanford, California 94305; USA.\r\n\r\nTHIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.\r\nUse the information herein at your own risk.\r\n\r\n\r\n\r\nB. Patch to remedy the problem\r\n==============================\r\n\r\ndiff --git a/report.c b/report.c\r\nindex 31d4e48..2a731ac 100644\r\n--- a/report.c\r\n+++ b/report.c\r\n@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist)\r\n rep_ensuresize();\r\n \r\n #if defined(VA_START)\r\n- VA_START (args, message);\r\n for ( ; ; )\r\n {\r\n+ /*\r\n+ * args has to be initialized before every call of vsnprintf(), \r\n+ * because vsnprintf() invokes va_arg macro and thus args is \r\n+ * undefined after the call.\r\n+ */\r\n+ VA_START(args, message);\r\n n = vsnprintf (partial_message + partial_message_size_used, partial_message_size -\r\npartial_message_size_used,\r\n message, args);\r\n+ va_end (args);\r\n \r\n if (n >= 0\r\n && (unsigned)n < partial_message_size - partial_message_size_used)\r\n@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist)\r\n partial_message_size += 2048;\r\n partial_message = REALLOC (partial_message, partial_message_size);\r\n }\r\n- va_end (args);\r\n #else\r\n for ( ; ; )\r\n {\r\n\r\nEND OF fetchmail-SA-2008-01.txt", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "securityvulns", "title": "fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-17T00:00:00", "id": "SECURITYVULNS:DOC:20058", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20058", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1852-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nAugust 7th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : fetchmail\r\nVulnerability : insufficient input validation\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-2666\r\n\r\nIt was discovered that fetchmail, a full-featured remote mail retrieval\r\nand forwarding utility, is vulnerable to the "Null Prefix Attacks Against\r\nSSL/TLS Certificates" recently published at the Blackhat conference.\r\nThis allows an attacker to perform undetected man-in-the-middle attacks\r\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\r\nsubjectAltName or Common Name fields.\r\n\r\nNote, as a fetchmail user you should always use strict certificate\r\nvalidation through either these option combinations:\r\n sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\r\nor\r\n sslcertck sslproto tls1 (for STARTTLS-based services)\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 6.3.6-1etch2.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 6.3.9~rc2-4+lenny1.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 6.3.9~rc2-6.\r\n\r\n\r\nWe recommend that you upgrade your fetchmail packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.dsc\r\n Size/MD5 checksum: 882 5d96480a102ad30f66dbac6bcbae1037\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz\r\n Size/MD5 checksum: 1680200 04175459cdf32fdb10d9e8fc46b633c3\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.diff.gz\r\n Size/MD5 checksum: 45665 a51b0544434e51577863032336812bd6\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch2_all.deb\r\n Size/MD5 checksum: 61444 f65648771182f763268cbc7fd643da8b\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_alpha.deb\r\n Size/MD5 checksum: 666592 289c6c238d70e71771d5c0c87b764a87\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_amd64.deb\r\n Size/MD5 checksum: 649604 8d2e4ff30c29e9e67831ec9aab5a567e\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_arm.deb\r\n Size/MD5 checksum: 645170 928f041ad7b0311ac0188e4e6ca6256f\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_hppa.deb\r\n Size/MD5 checksum: 658340 511591dee94637fe440c6a737a3fd880\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_i386.deb\r\n Size/MD5 checksum: 642772 5ddc7364f8f34b1b12d1e5b17ff9ac6d\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_ia64.deb\r\n Size/MD5 checksum: 700924 6d7f77eca56a191e0fab3bdf8fa98c37\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_powerpc.deb\r\n Size/MD5 checksum: 647274 771f97aa2d2029135185afcbf05b605c\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_s390.deb\r\n Size/MD5 checksum: 647026 f2ac2a5ce6f648b7d88948530456d02d\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_sparc.deb\r\n Size/MD5 checksum: 640688 974ffde76095f1fa184cf1eced7b7dae\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.dsc\r\n Size/MD5 checksum: 1375 39a3debdf4c4cf3e313c75e5688209ca\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.diff.gz\r\n Size/MD5 checksum: 46891 a2715b1768546ea2d7a3c8a518aa8188\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2.orig.tar.gz\r\n Size/MD5 checksum: 1711087 200ece6f73ac28ccda7aea42ea4e492d\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.9~rc2-4+lenny1_all.deb\r\n Size/MD5 checksum: 63124 1cd8fa8a8367a1bc8f1d30ff2d8ff3ee\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_alpha.deb\r\n Size/MD5 checksum: 680224 1a2ddefc8a90da5e2d31291f1101442c\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_amd64.deb\r\n Size/MD5 checksum: 668616 65015cc17b556da2e44ef1496171e9fd\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_arm.deb\r\n Size/MD5 checksum: 663090 4b4fccf839ee8b6f1f94a997ac911179\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_armel.deb\r\n Size/MD5 checksum: 662018 837c3029b01e180f2447ff0f19555dc5\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_hppa.deb\r\n Size/MD5 checksum: 673570 7dbce7d81c38e4fa9562626610b09f65\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_i386.deb\r\n Size/MD5 checksum: 657844 a9e357f91278e9108018725c96eeb8ae\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_ia64.deb\r\n Size/MD5 checksum: 719116 4b2f362a01870c0770f010bcc5012aad\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mips.deb\r\n Size/MD5 checksum: 664870 2abf34330924241ce890b703709c5895\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mipsel.deb\r\n Size/MD5 checksum: 663906 88af289787ec5fd46c83f28a0de65849\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_powerpc.deb\r\n Size/MD5 checksum: 669542 7c9a426df9ef71c0420ccb030e5d422b\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_s390.deb\r\n Size/MD5 checksum: 666976 6aa0fd370bd06f3c39d9230c82cde208\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_sparc.deb\r\n Size/MD5 checksum: 658912 699f23466f0003f7f38f02111d5a3363\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkp8SOQACgkQHYflSXNkfP+eXQCcDixwhyFyyKjaS34HJEe9g71L\r\nXKoAn3eTMd0qbvNi/4AVoGIBIjTDALlh\r\n=O0zh\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2009-08-08T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 1852-1] New fetchmail packages fix SSL certificate verification weakness", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-08T00:00:00", "id": "SECURITYVULNS:DOC:22268", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22268", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:33", "description": "It's possible to spoof certificate name with NULL byte in prefix.", "cvss3": {}, "published": "2009-08-08T00:00:00", "type": "securityvulns", "title": "fetchmail certificate spoofing", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-08T00:00:00", "id": "SECURITYVULNS:VULN:10125", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10125", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:23", "description": "rPath Security Advisory: 2007-0178-1\r\nPublished: 2007-09-05\r\nProducts: rPath Linux 1\r\nRating: Minor\r\nExposure Level Classification:\r\nIndirect User Non-deterministic Denial of Service\r\nUpdated Versions:\r\nfetchmail=/conary.rpath.com@rpl:devel//1/6.3.8-0.3-1\r\n\r\nReferences:\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565\r\nhttps://issues.rpath.com/browse/RPL-1690\r\n\r\nDescription:\r\nPrevious versions of the fetchmail package may crash when attempting\r\nto deliver an internal warning or error message through an untrusted\r\nor compromised SMTP server, leading to a possible Denial of Service.\r\n\r\nCopyright 2007 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html\r\n", "cvss3": {}, "published": "2007-09-06T00:00:00", "type": "securityvulns", "title": "rPSA-2007-0178-1 fetchmail", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-06T00:00:00", "id": "SECURITYVULNS:DOC:17944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17944", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "description": "fetchmail-SA-2007-02: Crash when a local warning message is rejected\r\n\r\nTopics: Crash when a fetchmail-generated warning message is rejected\r\n\r\nAuthor: Matthias Andree\r\nVersion: 1.1\r\nAnnounced: 2007-08-28\r\nType: NULL pointer dereference trigged by outside circumstances\r\nImpact: denial of service possible\r\nDanger: low\r\nCVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:?/RL:O/RC:C)\r\n \r\nCredits: Earl Chew\r\nCVE Name: CVE-2007-4565\r\nURL: http://www.fetchmail.info/fetchmail-SA-2007-02.txt\r\nProject URL: http://www.fetchmail.info/\r\n\r\nAffects: fetchmail release < 6.3.9 exclusively\r\n\r\nNot affected: fetchmail release 6.3.9 and newer\r\n fetchmail releases < 4.6.8 exclusively\r\n\r\nCorrected: 2007-07-29 fetchmail SVN (rev 5119)\r\n\r\n\r\n0. Release history\r\n==================\r\n\r\n2007-07-29 1.0 first draft for MITRE/CVE (visible in SVN)\r\n2007-08-28 1.1 reworked, added fix, official release\r\n\r\n\r\n1. Background\r\n=============\r\n\r\nfetchmail is a software package to retrieve mail from remote POP2, POP3,\r\nIMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or\r\nmessage delivery agents.\r\n\r\nfetchmail ships with a graphical, Python/Tkinter based configuration\r\nutility named "fetchmailconf" to help the user create configuration (run\r\ncontrol) files for fetchmail.\r\n\r\n\r\n2. Problem description and Impact\r\n=================================\r\n\r\nfetchmail will generate warning messages in certain circumstances and \r\nsend them to the local postmaster or the user starting it. Such warning \r\nmessages can be generated, for instance, if logging into an upstream \r\nserver fails repeatedly or if messages beyond the size limit (if \r\nconfigured, default: no limit) are left on the server.\r\n\r\nIf this warning message is then refused by the SMTP listener that \r\nfetchmail is forwarding the message to, fetchmail attempts to \r\ndereference a NULL pointer when trying to find out if it should allow a \r\nbounce message to be sent.\r\n\r\nThis causes fetchmail to crash and not collect further messages until it \r\nis restarted.\r\n\r\nRisk assessment: low. In default configuration, fetchmail will talk \r\nthrough the loopback interface, that means to the SMTP server on the same \r\ncomputer as it is running on. Otherwise, it will commonly be configured \r\nto talk to trusted SMTP servers, so a compromise or misconfiguration of \r\na trusted or the same computer is required to exploit this problem - \r\nwhich usually opens up much easier ways of denying service, or worse.\r\n\r\n\r\n3. Solution\r\n===========\r\n\r\nThere are two alternatives, either of them by itself is sufficient:\r\n\r\na. Apply the patch found in section B of this announcement to fetchmail 6.3.8,\r\n recompile and reinstall it.\r\n\r\nb. Install fetchmail 6.3.9 or newer when it becomes available. The \r\n fetchmail source code is available from \r\n <http://developer.berlios.de/project/showfiles.php?group_id=1824>.\r\n\r\nNote there are no workarounds presented here since all known workarounds \r\nare more intrusive than the actual solution.\r\n\r\n\r\nA. Copyright, License and Warranty\r\n==================================\r\n\r\n(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>.\r\nSome rights reserved.\r\n\r\nThis work is licensed under the Creative Commons\r\nAttribution-NonCommercial-NoDerivs German License. To view a copy of\r\nthis license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/\r\nor send a letter to Creative Commons; 559 Nathan Abbott Way;\r\nStanford, California 94305; USA.\r\n\r\nTHIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.\r\nUse the information herein at your own risk.\r\n\r\n\r\n\r\nB. Patch to remedy the problem\r\n==============================\r\n\r\nIndex: sink.c\r\n===================================================================\r\n--- sink.c (revision 5118)\r\n+++ sink.c (revision 5119)\r\n@@ -262,7 +262,7 @@\r\n const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";\r\n \r\n /* don't bounce in reply to undeliverable bounces */\r\n- if (!msg->return_path[0] ||\r\n+ if (!msg || !msg->return_path[0] ||\r\n strcmp(msg->return_path, "<>") == 0 ||\r\n strcasecmp(msg->return_path, md1) == 0 ||\r\n strncasecmp(msg->return_path, md2, strlen(md2)) == 0)\r\n\r\nEND OF fetchmail-SA-2007-02.txt", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "securityvulns", "title": "fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2008-06-17T00:00:00", "id": "SECURITYVULNS:DOC:20057", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20057", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "description": "DoS on delivering mail report thorugh SMTP server.", "cvss3": {}, "published": "2007-09-06T00:00:00", "type": "securityvulns", "title": "Fetchmail mail delivery DoS", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-06T00:00:00", "id": "SECURITYVULNS:VULN:8123", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8123", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nfetchmail-SA-2009-01: Improper SSL certificate subject verification\r\n\r\nTopics: Improper SSL certificate subject verification\r\n\r\nAuthor: Matthias Andree\r\nVersion: 1.0\r\nAnnounced: 2009-08-06\r\nType: Allows undetected Man-in-the-middle attacks against SSL/TLS.\r\nImpact: Credential disclose to eavesdroppers.\r\nDanger: medium\r\nCVSSv2 vectors: (AV:N/AC:M/Au:N/C:P/I:N/A:N) (E:H/RL:OF/RC:C)\r\n\r\nCVE Name: CVE-2009-2666\r\nURL: http://www.fetchmail.info/fetchmail-SA-2009-01.txt\r\nProject URL: http://www.fetchmail.info/\r\n\r\nAffects: fetchmail releases up to and including 6.3.10\r\n\r\nNot affected: fetchmail release 6.3.11 and newer\r\n\r\nCorrected: 2009-08-04 fetchmail SVN (rev 5389)\r\n\r\nReferences: "Null Prefix Attacks Against SSL/TLS Certificates",\r\n Moxie Marlinspike, 2009-07-29, Defcon 17, Blackhat 09.\r\n\r\n CVE-2009-2408, Mozilla Firefox <3.5 and NSS <3.12.3\r\n improper handling of '\0' characters in domain names in\r\n the Subject CN field of X.509 certificates.\r\n\r\n\r\n0. Release history\r\n==================\r\n\r\n2009-08-05 0.1 first draft (visible in SVN)\r\n2009-08-06 1.0 first release\r\n\r\n\r\n1. Background\r\n=============\r\n\r\nfetchmail is a software package to retrieve mail from remote POP2, POP3,\r\nIMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or\r\nmessage delivery agents. It supports SSL and TLS security layers through\r\nthe OpenSSL library, if enabled at compile time and if also enabled at\r\nrun time.\r\n\r\n\r\n2. Problem description and Impact\r\n=================================\r\n\r\nMoxie Marlinspike demonstrated in July 2009 that some CAs would sign\r\ncertificates that contain embedded NUL characters in the Common Name or\r\nsubjectAltName fields of ITU-T X.509 certificates.\r\n\r\nApplications that would treat such X.509 strings as NUL-terminated C\r\nstrings (rather than strings that contain an explicit length field)\r\nwould only check the part up to and excluding the NUL character, so that\r\ncertificate names such as www.good.example\0www.bad.example.com would be\r\nmistaken as a certificate name for www.good.example. fetchmail also had\r\nthis design and implementation flaw.\r\n\r\nNote that fetchmail should always be forced to use strict certificate\r\nvalidation through either of these option combinations:\r\n\r\n --sslcertck --ssl --sslproto ssl3 (for service on SSL-wrapped ports)\r\nor\r\n --sslcertck --sslproto tls1 (for STARTTLS-based services)\r\n\r\n(These are for the command line, in the rcfile, you will need to omit\r\nthe respective leading --).\r\n\r\nThe default is relaxed checking for compatibility with historic versions.\r\n\r\n\r\n3. Solution\r\n===========\r\n\r\nThere are two alternatives, either of them by itself is sufficient:\r\n\r\na. Apply the patch found in section B of this announcement to\r\n fetchmail 6.3.10, recompile and reinstall it.\r\n\r\nb. Install fetchmail 6.3.11 or newer after it will have become available.\r\n The fetchmail source code is always available from\r\n <http://developer.berlios.de/project/showfiles.php?group_id=1824>.\r\n\r\n\r\n4. Workaround\r\n=============\r\n\r\nObtain the server fingerprints through a separate secure channel and\r\nconfigure them with the sslfingerprint option, and enable the sslcertck\r\noption.\r\n\r\n\r\nA. Copyright, License and Warranty\r\n==================================\r\n\r\n(C) Copyright 2009 by Matthias Andree, <matthias.andree@gmx.de>.\r\nSome rights reserved.\r\n\r\nThis work is licensed under the Creative Commons\r\nAttribution-Noncommercial-No Derivative Works 3.0 Germany License.\r\nTo view a copy of this license, visit\r\nhttp://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to\r\n\r\nCreative Commons\r\n171 Second Street\r\nSuite 300\r\nSAN FRANCISCO, CALIFORNIA 94105\r\nUSA\r\n\r\n\r\nTHIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.\r\nUse the information herein at your own risk.\r\n\r\n\r\nB. Patch to remedy the problem\r\n==============================\r\n\r\nNote that when taking this from a GnuPG clearsigned file, the lines \r\nstarting with a "-" character are prefixed by another "- " (dash + \r\nblank) combination. Either feed this file through GnuPG to strip them, \r\nor strip them manually.\r\n\r\nWhitespace differences can usually be ignored by invoking "patch -l",\r\nso try this if the patch does not apply.\r\n\r\n\r\nIndex: socket.c\r\n===================================================================\r\n- --- ./socket.c~\r\n+++ ./socket.c\r\n@@ -632,6 +632,12 @@\r\n report(stderr, GT_("Bad certificate: Subject CommonName too long!\n"));\r\n return (0);\r\n }\r\n+ if ((size_t)i > strlen(buf)) {\r\n+ /* Name contains embedded NUL characters, so we complain. This is\r\nlikely\r\n+ * a certificate spoofing attack. */\r\n+ report(stderr, GT_("Bad certificate: Subject CommonName contains NUL,\r\naborting!\n"));\r\n+ return 0;\r\n+ }\r\n if (_ssl_server_cname != NULL) {\r\n char *p1 = buf;\r\n char *p2 = _ssl_server_cname;\r\n@@ -643,11 +649,18 @@\r\n * first find a match among alternative names */\r\n gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert,\r\nNID_subject_alt_name, NULL, NULL);\r\n if (gens) {\r\n- - int i, r;\r\n- - for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {\r\n- - const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens,\r\ni);\r\n+ int j, r;\r\n+ for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) {\r\n+ const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens,\r\nj);\r\n if (gn->type == GEN_DNS) {\r\n char *p1 = (char *)gn->d.ia5->data;\r\n char *p2 = _ssl_server_cname;\r\n+ /* Name contains embedded NUL characters, so\r\nwe complain. This\r\n+ * is likely a certificate spoofing attack. */\r\n+ if ((size_t)gn->d.ia5->length != strlen(p1)) {\r\n+ report(stderr, GT_("Bad certificate:\r\nSubject Alternative Name contains NUL, aborting!\n"));\r\n+ sk_GENERAL_NAME_free(gens);\r\n+ return 0;\r\n+ }\r\n if (outlevel >= O_VERBOSE)\r\n report(stderr, "Subject Alternative\r\nName: %s\n", p1);\r\n\r\nEND OF fetchmail-SA-2009-01.txt\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkp6GP8ACgkQvmGDOQUufZVuQwCgsD/kO/+KHC0/gopx/uiQr9V7\r\nmXAAnjH6G5DfcxAjCzjmt9DKZHGsqoNv\r\n=6zGh\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2009-08-08T00:00:00", "type": "securityvulns", "title": "fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-2666", "CVE-2009-2408"], "modified": "2009-08-08T00:00:00", "id": "SECURITYVULNS:DOC:22276", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22276", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2008-06-28T22:15:01", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: fetchmail-6.3.8-7.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-28T22:15:01", "id": "FEDORA:M5SMESRC003240", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2JB5EJJUSVTKHRKMRUOLSJFZ7SD5Q2TI/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2008-06-28T22:15:22", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: fetchmail-6.3.8-4.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-28T22:15:22", "id": "FEDORA:M5SMFHKA003295", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXYVY5KKTZBIR6RKPGOG4O6XUEAL7IH2/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2009-09-04T04:08:14", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: fetchmail-6.3.8-9.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2009-09-04T04:08:14", "id": "FEDORA:4524810F8B4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZIXZGMQOSVVKBFA66KHE2X57ZTT54MGU/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2009-09-04T04:05:36", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: fetchmail-6.3.9-5.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2009-09-04T04:05:36", "id": "FEDORA:D52F410F886", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HZVJT4347FKQ4PNDBE7OYPXPGCHR45ST/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2007-09-04T22:10:40", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: fetchmail-6.3.7-2.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-04T22:10:40", "id": "FEDORA:L84MAGHD029693", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KEEB6UKEMULQE75HBP43EUGMKB5XF7BF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. ", "cvss3": {}, "published": "2007-09-04T21:26:32", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: fetchmail-6.3.6-3.fc6", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-04T21:26:32", "id": "FEDORA:L84LQWGQ024974", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YMPQXDADQ5VQLRDPULSDH5OKXEREAAI7/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T21:38:00", "description": "BUGTRAQ ID: 29705\r\nCVE(CAN) ID: CVE-2008-2711\r\n\r\nFetchmail\u662f\u514d\u8d39\u7684\u8f6f\u4ef6\u5305\uff0c\u53ef\u4ee5\u4ece\u8fdc\u7a0bPOP2\u3001POP3\u3001IMAP\u3001ETRN\u6216ODMR\u670d\u52a1\u5668\u68c0\u7d22\u90ae\u4ef6\u5e76\u5c06\u5176\u8f6c\u53d1\u7ed9\u672c\u5730SMTP\u3001LMTP\u670d\u52a1\u5668\u6216\u6d88\u606f\u4f20\u9001\u4ee3\u7406\u3002\r\n\r\nFetchmail\u5728\u5904\u7406\u6d88\u606f\u65f6\u5b58\u5728\u5185\u5b58\u8bbf\u95ee\u9519\u8bef\uff0c\u4ee5-v -v verbose\u7ea7\u522b\u8fd0\u884c\u7684fetchmail\u5728\u8bd5\u56fe\u6253\u5370\u8d85\u8fc72048\u5b57\u8282\u7684\u5934\u65f6\u4f1a\u91cd\u65b0\u8c03\u6574\u7f13\u51b2\u533a\u5927\u5c0f\u5e76\u586b\u5145\u6d88\u606f\u7684\u591a\u51fa\u90e8\u5206\uff0c\u4f46\u6ca1\u6709\u91cd\u65b0\u521d\u59cb\u5316\u5176 va_list\u7c7b\u578b\u7684\u6e90\u6307\u9488\uff0c\u56e0\u6b64\u53ef\u80fd\u4f1a\u5728\u6808\u4e0a\u7684\u65e0\u6548\u5730\u5740\u8bfb\u53d6\u6570\u636e\uff0c\u5bfc\u81f4\u51fa\u73b0\u5206\u6bb5\u9519\u8bef\u800c\u5d29\u6e83\u3002\n\nfetchmail < 6.3.9\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4ee5\u4f4everbosity\u8fd0\u884cfetchmail\uff0c\u4e0d\u8981\u4f7f\u7528\u4e24\u4e2a\u6216\u4e09\u4e2a-v\u53c2\u6570\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nfetchmail\r\n---------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824 target=_blank>http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824</a>", "cvss3": {}, "published": "2008-06-20T00:00:00", "type": "seebug", "title": "Fetchmail Verbose\u6a21\u5f0f\u8d85\u5927\u65e5\u5fd7\u6d88\u606f\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3436", "id": "SSV:3436", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:40:58", "description": "BUGTRAQ ID: 35951\r\nCVE(CAN) ID: CVE-2009-2666\r\n\r\nFetchmail\u662f\u514d\u8d39\u7684\u8f6f\u4ef6\u5305\uff0c\u53ef\u4ee5\u4ece\u8fdc\u7a0bPOP2\u3001POP3\u3001IMAP\u3001ETRN\u6216ODMR\u670d\u52a1\u5668\u68c0\u7d22\u90ae\u4ef6\u5e76\u5c06\u5176\u8f6c\u53d1\u7ed9\u672c\u5730SMTP\u3001LMTP\u670d\u52a1\u5668\u6216\u6d88\u606f\u4f20\u9001\u4ee3\u7406\u3002\r\n\r\n\u4e00\u4e9bCA\u6240\u7b7e\u540d\u7684\u8bc1\u4e66\u5728ITU-T X.509\u8bc1\u4e66\u7684Common Name\u6216subjectAltName\u5b57\u6bb5\u4e2d\u5305\u542b\u6709\u5d4c\u5165\u7684\u7a7a\u5b57\u7b26\uff0cFetchmail\u5728\u5904\u7406\u8fd9\u79cdX.509\u5b57\u7b26\u4e32\u65f6\u4f1a\u5c06\u5176\u5904\u7406\u4e3a\u7ec8\u6b62\u7b26\uff0c\u56e0\u6b64\u53ea\u4f1a\u68c0\u67e5\u7a7a\u5b57\u7b26\u7684\u4e4b\u524d\u90e8\u5206\u3002\u4f8b\u5982\uff0c\u540d\u79f0\u4e3awww.good.example\\0www.bad.example.com \u7684\u8bc1\u4e66\u4f1a\u88ab\u9519\u8bef\u7684\u5904\u7406\u4e3awww.good.example \u3002\u8fd9\u5c31\u5141\u8bb8\u653b\u51fb\u8005\u4f2a\u9020\u5408\u6cd5\u57df\u7684\u8bc1\u4e66\uff0c\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\n\nEric Raymond Fetchmail 6.3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nEric Raymond\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://developer.berlios.de/project/showfiles.php?group_id=1824", "cvss3": {}, "published": "2009-08-09T00:00:00", "title": "Fetchmail SSL\u8bc1\u4e66\u7a7a\u5b57\u7b26\u9a8c\u8bc1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12016", "id": "SSV:12016", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T22:02:14", "description": "BUGTRAQ ID: 25495\r\nCVE(CAN) ID: CVE-2007-4565\r\n\r\nFetchmail\u662f\u514d\u8d39\u7684\u8f6f\u4ef6\u5305\uff0c\u53ef\u4ee5\u4ece\u8fdc\u7a0bPOP2\u3001POP3\u3001IMAP\u3001ETRN\u6216ODMR\u670d\u52a1\u5668\u68c0\u7d22\u90ae\u4ef6\u5e76\u5c06\u5176\u8f6c\u53d1\u7ed9\u672c\u5730SMTP\u3001LMTP\u670d\u52a1\u5668\u6216\u6d88\u606f\u4f20\u9001\u4ee3\u7406\u3002\r\n\r\n\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0bFetchmail\u4f1a\u751f\u6210\u8b66\u544a\u6d88\u606f\u5e76\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u4fe1\u7bb1\u6216\u542f\u52a8Fetchmail\u7684\u7528\u6237\uff0c\u4f8b\u5982\uff0c\u5f53\u767b\u5f55\u5230\u4e0a\u6e38\u670d\u52a1\u5668\u53cd\u590d\u5931\u8d25\u6216\u6d88\u606f\u8d85\u8fc7\u5927\u5c0f\u9650\u5236\u65f6\u5c31\u4f1a\u751f\u6210\u8fd9\u6837\u7684\u6d88\u606f\u3002\u5982\u679c\u4e4b\u540eFetchmail\u5c06\u6d88\u606f\u8f6c\u53d1\u5230\u7684SMTP\u76d1\u542c\u7a0b\u5e8f\u62d2\u7edd\u4e86\u8fd9\u4e2a\u8b66\u544a\u6d88\u606f\uff0c\u5728\u8bd5\u56fe\u786e\u5b9a\u662f\u5426\u5e94\u53d1\u9001bounce\u6d88\u606f\u65f6\u4f1a\u5f15\u7528\u7a7a\u6307\u9488\uff0c\u5bfc\u81f4Fetchmail\u5d29\u6e83\uff0c\u5728\u91cd\u542f\u4e4b\u524d\u4e0d\u4f1a\u518d\u6536\u96c6\u4efb\u4f55\u6d88\u606f\u3002\r\n\n\nfetchmail fetchmail < 6.3.9 \r\nfetchmail fetchmail < 4.6.8\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://fetchmail.berlios.de/\" target=\"_blank\">http://fetchmail.berlios.de/</a>\r\n\r\nIndex: sink.c\r\n===================================================================\r\n--- sink.c (revision 5118)\r\n+++ sink.c (revision 5119)\r\n@@ -262,7 +262,7 @@\r\nconst char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";\r\n\r\n/* don't bounce in reply to undeliverable bounces */\r\n- if (!msg->return_path[0] ||\r\n+ if (!msg || !msg->return_path[0] ||\r\nstrcmp(msg->return_path, "<>") == 0 ||\r\nstrcasecmp(msg->return_path, md1) == 0 ||\r\nstrncasecmp(msg->return_path, md2, strlen(md2)) == 0)", "cvss3": {}, "published": "2007-09-06T00:00:00", "title": "Fetchmail\u65e0\u6548\u8b66\u544a\u6d88\u606f\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2191", "id": "SSV:2191", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "veracode": [{"lastseen": "2022-07-27T10:43:27", "description": "fetchmail is vulnerable to denial of service. A flaw was found in fetchmail. When fetchmail is run in double verbose mode (\"-v -v\"), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode (\"-d\"). \n", "cvss3": {}, "published": "2020-04-10T00:36:12", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2020-05-27T05:53:05", "id": "VERACODE:23790", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23790/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:17:23", "description": "fetchmail is vulnerable to man-in-the-middle attack. It was discovered that fetchmail is affected by the previously published \"null prefix attack\", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake.\n", "cvss3": {}, "published": "2020-04-10T00:36:12", "type": "veracode", "title": "Man-in-the-Middle (MitM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2022-04-19T18:34:38", "id": "VERACODE:23791", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23791/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-27T10:24:13", "description": "fetchmail is vulnerable to denial of service (DoS). A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash.\n", "cvss3": {}, "published": "2020-04-10T00:36:11", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2022-04-19T18:28:37", "id": "VERACODE:23789", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23789/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-07T14:12:16", "description": "fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.", "cvss3": {}, "published": "2008-06-16T21:41:00", "type": "cve", "title": "CVE-2008-2711", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2021-08-09T21:15:00", "cpe": ["cpe:/a:fetchmail:fetchmail:6.2.3", "cpe:/a:fetchmail:fetchmail:6.3.7", "cpe:/a:fetchmail:fetchmail:5.9.13", "cpe:/a:fetchmail:fetchmail:6.2.4", "cpe:/a:fetchmail:fetchmail:5.2.0", "cpe:/a:fetchmail:fetchmail:5.8.13", "cpe:/a:fetchmail:fetchmail:5.4.4", "cpe:/a:fetchmail:fetchmail:6.2.5.4", "cpe:/a:fetchmail:fetchmail:5.2.7", "cpe:/a:fetchmail:fetchmail:5.0.0", "cpe:/a:fetchmail:fetchmail:5.9.11", "cpe:/a:fetchmail:fetchmail:5.5.2", "cpe:/a:fetchmail:fetchmail:5.8.17", "cpe:/a:fetchmail:fetchmail:4.7.1", "cpe:/a:fetchmail:fetchmail:6.1.0", "cpe:/a:fetchmail:fetchmail:5.8.3", "cpe:/a:fetchmail:fetchmail:4.7.0", "cpe:/a:fetchmail:fetchmail:5.9.5", "cpe:/a:fetchmail:fetchmail:5.4.3", "cpe:/a:fetchmail:fetchmail:4.6.4", "cpe:/a:fetchmail:fetchmail:5.8.2", "cpe:/a:fetchmail:fetchmail:4.7.3", "cpe:/a:fetchmail:fetchmail:4.7.2", "cpe:/a:fetchmail:fetchmail:5.3.3", "cpe:/a:fetchmail:fetchmail:5.0.5", "cpe:/a:fetchmail:fetchmail:4.6.9", "cpe:/a:fetchmail:fetchmail:6.2.5", "cpe:/a:fetchmail:fetchmail:5.0.6", "cpe:/a:fetchmail:fetchmail:4.5.4", "cpe:/a:fetchmail:fetchmail:4.5.2", "cpe:/a:fetchmail:fetchmail:6.1.3", "cpe:/a:fetchmail:fetchmail:5.0.3", "cpe:/a:fetchmail:fetchmail:5.9.4", "cpe:/a:fetchmail:fetchmail:5.8", "cpe:/a:fetchmail:fetchmail:5.9.10", "cpe:/a:fetchmail:fetchmail:6.2.1", "cpe:/a:fetchmail:fetchmail:6.2.6", "cpe:/a:fetchmail:fetchmail:5.8.4", "cpe:/a:fetchmail:fetchmail:5.3.8", "cpe:/a:fetchmail:fetchmail:5.0.2", "cpe:/a:fetchmail:fetchmail:6.3.8", "cpe:/a:fetchmail:fetchmail:6.3.3", "cpe:/a:fetchmail:fetchmail:5.0.8", "cpe:/a:fetchmail:fetchmail:5.8.1", "cpe:/a:fetchmail:fetchmail:4.6.2", "cpe:/a:fetchmail:fetchmail:6.2.2", "cpe:/a:fetchmail:fetchmail:6.3.6", "cpe:/a:fetchmail:fetchmail:5.7.4", "cpe:/a:fetchmail:fetchmail:4.7.6", "cpe:/a:fetchmail:fetchmail:4.5.5", "cpe:/a:fetchmail:fetchmail:4.6.7", "cpe:/a:fetchmail:fetchmail:4.7.5", "cpe:/a:fetchmail:fetchmail:5.9.8", "cpe:/a:fetchmail:fetchmail:4.6.1", "cpe:/a:fetchmail:fetchmail:4.5.1", "cpe:/a:fetchmail:fetchmail:4.5.3", "cpe:/a:fetchmail:fetchmail:4.5.6", "cpe:/a:fetchmail:fetchmail:5.3.1", "cpe:/a:fetchmail:fetchmail:5.0.1", "cpe:/a:fetchmail:fetchmail:5.4.0", "cpe:/a:fetchmail:fetchmail:4.6.3", "cpe:/a:fetchmail:fetchmail:5.4.5", "cpe:/a:fetchmail:fetchmail:5.5.5", "cpe:/a:fetchmail:fetchmail:6.2.5.2", "cpe:/a:fetchmail:fetchmail:5.0.4", "cpe:/a:fetchmail:fetchmail:4.6.8", "cpe:/a:fetchmail:fetchmail:6.3.1", "cpe:/a:fetchmail:fetchmail:5.5.3", "cpe:/a:fetchmail:fetchmail:5.8.11", "cpe:/a:fetchmail:fetchmail:6.3.2", "cpe:/a:fetchmail:fetchmail:6.3.5", "cpe:/a:fetchmail:fetchmail:5.2.1", "cpe:/a:fetchmail:fetchmail:5.7.0", "cpe:/a:fetchmail:fetchmail:5.5.0", "cpe:/a:fetchmail:fetchmail:5.1.4", "cpe:/a:fetchmail:fetchmail:5.8.14", "cpe:/a:fetchmail:fetchmail:4.6.5", "cpe:/a:fetchmail:fetchmail:6.2.5.1", "cpe:/a:fetchmail:fetchmail:5.2.8", "cpe:/a:fetchmail:fetchmail:5.8.6", "cpe:/a:fetchmail:fetchmail:5.0.7", "cpe:/a:fetchmail:fetchmail:4.6.0", "cpe:/a:fetchmail:fetchmail:5.9.0", "cpe:/a:fetchmail:fetchmail:5.2.3", "cpe:/a:fetchmail:fetchmail:6.2.9", "cpe:/a:fetchmail:fetchmail:5.2.4", "cpe:/a:fetchmail:fetchmail:5.7.2", "cpe:/a:fetchmail:fetchmail:5.8.5", "cpe:/a:fetchmail:fetchmail:6.3.0", "cpe:/a:fetchmail:fetchmail:5.1.0", "cpe:/a:fetchmail:fetchmail:4.7.4", "cpe:/a:fetchmail:fetchmail:4.6.6", "cpe:/a:fetchmail:fetchmail:4.7.7", "cpe:/a:fetchmail:fetchmail:4.5.7", "cpe:/a:fetchmail:fetchmail:4.5.8", "cpe:/a:fetchmail:fetchmail:6.0.0", "cpe:/a:fetchmail:fetchmail:5.3.0", "cpe:/a:fetchmail:fetchmail:5.5.6", "cpe:/a:fetchmail:fetchmail:6.2.0", "cpe:/a:fetchmail:fetchmail:5.6.0", "cpe:/a:fetchmail:fetchmail:6.3.4"], "id": "CVE-2008-2711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2711", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-07T14:18:13", "description": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.", "cvss3": {}, "published": "2007-08-28T01:17:00", "type": "cve", "title": "CVE-2007-4565", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2018-10-15T21:36:00", "cpe": ["cpe:/a:fetchmail:fetchmail:5.2.3", "cpe:/a:fetchmail:fetchmail:5.3.0", "cpe:/a:fetchmail:fetchmail:4.6.8", "cpe:/a:fetchmail:fetchmail:5.4.4", "cpe:/a:fetchmail:fetchmail:6.3.0", "cpe:/a:fetchmail:fetchmail:4.7.0", "cpe:/a:fetchmail:fetchmail:5.8.13", "cpe:/a:fetchmail:fetchmail:5.3.8", "cpe:/a:fetchmail:fetchmail:4.5.5", "cpe:/a:fetchmail:fetchmail:5.2.4", "cpe:/a:fetchmail:fetchmail:5.4.3", "cpe:/a:fetchmail:fetchmail:4.5.1", "cpe:/a:fetchmail:fetchmail:6.1.3", "cpe:/a:fetchmail:fetchmail:4.7.5", "cpe:/a:fetchmail:fetchmail:6.2.1", "cpe:/a:fetchmail:fetchmail:5.5.2", "cpe:/a:fetchmail:fetchmail:5.9.11", "cpe:/a:fetchmail:fetchmail:6.2.2", "cpe:/a:fetchmail:fetchmail:4.6.4", "cpe:/a:fetchmail:fetchmail:4.6.7", "cpe:/a:fetchmail:fetchmail:6.3.5", "cpe:/a:fetchmail:fetchmail:5.9.13", "cpe:/a:fetchmail:fetchmail:5.5.5", "cpe:/a:fetchmail:fetchmail:6.3.2", "cpe:/a:fetchmail:fetchmail:4.7.1", "cpe:/a:fetchmail:fetchmail:4.6.3", "cpe:/a:fetchmail:fetchmail:5.0.3", "cpe:/a:fetchmail:fetchmail:4.7.2", "cpe:/a:fetchmail:fetchmail:5.3.1", "cpe:/a:fetchmail:fetchmail:5.8.17", "cpe:/a:fetchmail:fetchmail:5.9.5", "cpe:/a:fetchmail:fetchmail:4.6.5", "cpe:/a:fetchmail:fetchmail:4.5.4", "cpe:/a:fetchmail:fetchmail:5.2.1", "cpe:/a:fetchmail:fetchmail:4.6.9", "cpe:/a:fetchmail:fetchmail:4.6.2", "cpe:/a:fetchmail:fetchmail:5.5.0", "cpe:/a:fetchmail:fetchmail:5.0.1", "cpe:/a:fetchmail:fetchmail:6.2.5.1", "cpe:/a:fetchmail:fetchmail:5.7.4", "cpe:/a:fetchmail:fetchmail:5.8", "cpe:/a:fetchmail:fetchmail:6.2.5.2", "cpe:/a:fetchmail:fetchmail:5.8.4", "cpe:/a:fetchmail:fetchmail:6.2.6", "cpe:/a:fetchmail:fetchmail:5.9.0", "cpe:/a:fetchmail:fetchmail:5.9.4", "cpe:/a:fetchmail:fetchmail:5.4.0", "cpe:/a:fetchmail:fetchmail:6.3.6", "cpe:/a:fetchmail:fetchmail:4.5.3", "cpe:/a:fetchmail:fetchmail:5.4.5", "cpe:/a:fetchmail:fetchmail:4.5.7", "cpe:/a:fetchmail:fetchmail:5.3.3", "cpe:/a:fetchmail:fetchmail:4.6.1", "cpe:/a:fetchmail:fetchmail:5.7.0", "cpe:/a:fetchmail:fetchmail:6.3.8", "cpe:/a:fetchmail:fetchmail:5.1.0", "cpe:/a:fetchmail:fetchmail:5.8.14", "cpe:/a:fetchmail:fetchmail:4.5.8", "cpe:/a:fetchmail:fetchmail:6.2.4", "cpe:/a:fetchmail:fetchmail:5.8.1", "cpe:/a:fetchmail:fetchmail:6.3.9", "cpe:/a:fetchmail:fetchmail:4.5.2", "cpe:/a:fetchmail:fetchmail:5.5.6", "cpe:/a:fetchmail:fetchmail:5.1.4", "cpe:/a:fetchmail:fetchmail:5.8.6", "cpe:/a:fetchmail:fetchmail:4.7.4", "cpe:/a:fetchmail:fetchmail:5.0.2", "cpe:/a:fetchmail:fetchmail:5.0.6", "cpe:/a:fetchmail:fetchmail:6.2.0", "cpe:/a:fetchmail:fetchmail:5.0.8", "cpe:/a:fetchmail:fetchmail:6.3.1", "cpe:/a:fetchmail:fetchmail:5.8.11", "cpe:/a:fetchmail:fetchmail:5.2.8", "cpe:/a:fetchmail:fetchmail:5.0.0", "cpe:/a:fetchmail:fetchmail:5.0.4", "cpe:/a:fetchmail:fetchmail:5.7.2", "cpe:/a:fetchmail:fetchmail:4.6.6", "cpe:/a:fetchmail:fetchmail:6.1.0", "cpe:/a:fetchmail:fetchmail:5.9.10", "cpe:/a:fetchmail:fetchmail:6.3.4", "cpe:/a:fetchmail:fetchmail:5.0.5", "cpe:/a:fetchmail:fetchmail:6.2.5", "cpe:/a:fetchmail:fetchmail:5.9.8", "cpe:/a:fetchmail:fetchmail:4.6.0", "cpe:/a:fetchmail:fetchmail:4.7.3", "cpe:/a:fetchmail:fetchmail:4.5.6", "cpe:/a:fetchmail:fetchmail:5.2.7", "cpe:/a:fetchmail:fetchmail:4.7.7", "cpe:/a:fetchmail:fetchmail:6.0.0", "cpe:/a:fetchmail:fetchmail:6.2.9", "cpe:/a:fetchmail:fetchmail:6.3.7", "cpe:/a:fetchmail:fetchmail:4.7.6", "cpe:/a:fetchmail:fetchmail:5.6.0", "cpe:/a:fetchmail:fetchmail:6.2.5.4", "cpe:/a:fetchmail:fetchmail:5.0.7", "cpe:/a:fetchmail:fetchmail:6.3.3", "cpe:/a:fetchmail:fetchmail:6.2.3", "cpe:/a:fetchmail:fetchmail:5.8.3", "cpe:/a:fetchmail:fetchmail:5.8.5", "cpe:/a:fetchmail:fetchmail:5.2.0", "cpe:/a:fetchmail:fetchmail:5.8.2", "cpe:/a:fetchmail:fetchmail:5.5.3"], "id": "CVE-2007-4565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4565", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:12:31", "description": "socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "cvss3": {}, "published": "2009-08-07T19:00:00", "type": "cve", "title": "CVE-2009-2666", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2408", "CVE-2009-2666"], "modified": "2018-10-10T19:41:00", "cpe": ["cpe:/a:fetchmail:fetchmail:5.2.4", "cpe:/a:fetchmail:fetchmail:6.2.1", "cpe:/a:fetchmail:fetchmail:5.3.8", "cpe:/a:fetchmail:fetchmail:4.6.6", "cpe:/a:fetchmail:fetchmail:5.2.1", "cpe:/a:fetchmail:fetchmail:5.8.13", "cpe:/a:fetchmail:fetchmail:6.2.5.1", "cpe:/a:fetchmail:fetchmail:6.2.0", "cpe:/a:fetchmail:fetchmail:5.8.14", "cpe:/a:fetchmail:fetchmail:4.6.9", "cpe:/a:fetchmail:fetchmail:4.6.3", "cpe:/a:fetchmail:fetchmail:5.3.3", "cpe:/a:fetchmail:fetchmail:5.0.5", "cpe:/a:fetchmail:fetchmail:5.7.0", "cpe:/a:fetchmail:fetchmail:5.0.2", "cpe:/a:fetchmail:fetchmail:5.4.0", "cpe:/a:fetchmail:fetchmail:5.5.2", "cpe:/a:fetchmail:fetchmail:6.3.7", "cpe:/a:fetchmail:fetchmail:6.2.9", "cpe:/a:fetchmail:fetchmail:6.3.8", "cpe:/a:fetchmail:fetchmail:5.5.5", "cpe:/a:fetchmail:fetchmail:6.2.4", "cpe:/a:fetchmail:fetchmail:6.3.4", "cpe:/a:fetchmail:fetchmail:6.3.6", "cpe:/a:fetchmail:fetchmail:5.1.0", "cpe:/a:fetchmail:fetchmail:5.9.10", "cpe:/a:fetchmail:fetchmail:4.7.7", "cpe:/a:fetchmail:fetchmail:5.6.0", "cpe:/a:fetchmail:fetchmail:6.1.0", "cpe:/a:fetchmail:fetchmail:4.7.4", "cpe:/a:fetchmail:fetchmail:6.3.9", "cpe:/a:fetchmail:fetchmail:5.9.4", "cpe:/a:fetchmail:fetchmail:6.2.5", "cpe:/a:fetchmail:fetchmail:6.3.3", "cpe:/a:fetchmail:fetchmail:4.5.7", "cpe:/a:fetchmail:fetchmail:5.8.4", "cpe:/a:fetchmail:fetchmail:6.3.2", "cpe:/a:fetchmail:fetchmail:4.6.4", "cpe:/a:fetchmail:fetchmail:6.3.10", "cpe:/a:fetchmail:fetchmail:4.7.6", "cpe:/a:fetchmail:fetchmail:5.4.3", "cpe:/a:fetchmail:fetchmail:5.0.8", "cpe:/a:fetchmail:fetchmail:4.5.2", "cpe:/a:fetchmail:fetchmail:4.7.1", "cpe:/a:fetchmail:fetchmail:5.0.0", "cpe:/a:fetchmail:fetchmail:4.5.3", "cpe:/a:fetchmail:fetchmail:5.0.3", "cpe:/a:fetchmail:fetchmail:6.3.5", "cpe:/a:fetchmail:fetchmail:5.2.8", "cpe:/a:fetchmail:fetchmail:6.2.5.2", "cpe:/a:fetchmail:fetchmail:6.0.0", "cpe:/a:fetchmail:fetchmail:4.7.3", "cpe:/a:fetchmail:fetchmail:6.1.3", "cpe:/a:fetchmail:fetchmail:5.0.4", "cpe:/a:fetchmail:fetchmail:5.4.5", "cpe:/a:fetchmail:fetchmail:5.8.2", "cpe:/a:fetchmail:fetchmail:5.0.7", "cpe:/a:fetchmail:fetchmail:5.2.3", "cpe:/a:fetchmail:fetchmail:5.3.0", "cpe:/a:fetchmail:fetchmail:5.9.8", "cpe:/a:fetchmail:fetchmail:4.5.4", "cpe:/a:fetchmail:fetchmail:5.2.7", "cpe:/a:fetchmail:fetchmail:5.8.3", "cpe:/a:fetchmail:fetchmail:5.8.11", "cpe:/a:fetchmail:fetchmail:4.5.5", "cpe:/a:fetchmail:fetchmail:5.2.0", "cpe:/a:fetchmail:fetchmail:6.3.0", "cpe:/a:fetchmail:fetchmail:5.3.1", "cpe:/a:fetchmail:fetchmail:5.8.17", "cpe:/a:fetchmail:fetchmail:6.2.2", "cpe:/a:fetchmail:fetchmail:5.8.1", "cpe:/a:fetchmail:fetchmail:6.2.6", "cpe:/a:fetchmail:fetchmail:6.2.3", "cpe:/a:fetchmail:fetchmail:5.4.4", "cpe:/a:fetchmail:fetchmail:5.8.6", "cpe:/a:fetchmail:fetchmail:4.6.1", "cpe:/a:fetchmail:fetchmail:4.6.7", "cpe:/a:fetchmail:fetchmail:4.7.5", "cpe:/a:fetchmail:fetchmail:5.9.11", "cpe:/a:fetchmail:fetchmail:5.9.0", "cpe:/a:fetchmail:fetchmail:4.7.0", "cpe:/a:fetchmail:fetchmail:5.5.3", "cpe:/a:fetchmail:fetchmail:6.3.1", "cpe:/a:fetchmail:fetchmail:5.5.6", "cpe:/a:fetchmail:fetchmail:5.0.6", "cpe:/a:fetchmail:fetchmail:4.5.1", "cpe:/a:fetchmail:fetchmail:4.7.2", "cpe:/a:fetchmail:fetchmail:5.5.0", "cpe:/a:fetchmail:fetchmail:4.6.5", "cpe:/a:fetchmail:fetchmail:5.9.5", "cpe:/a:fetchmail:fetchmail:4.6.0", "cpe:/a:fetchmail:fetchmail:4.6.8", "cpe:/a:fetchmail:fetchmail:4.6.2", "cpe:/a:fetchmail:fetchmail:4.5.8", "cpe:/a:fetchmail:fetchmail:5.9.13", "cpe:/a:fetchmail:fetchmail:5.7.4", "cpe:/a:fetchmail:fetchmail:5.8.5", "cpe:/a:fetchmail:fetchmail:5.7.2", "cpe:/a:fetchmail:fetchmail:6.2.5.4", "cpe:/a:fetchmail:fetchmail:4.5.6", "cpe:/a:fetchmail:fetchmail:5.8", "cpe:/a:fetchmail:fetchmail:5.0.1", "cpe:/a:fetchmail:fetchmail:5.1.4"], "id": "CVE-2009-2666", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2666", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2023-06-06T15:28:30", "description": "\n\nMatthias Andree reports:\n\n2008-06-24 1.2 also fixed issue in report_complete (reported by\n\t Petr Uzel)\n\n\n", "cvss3": {}, "published": "2008-06-24T00:00:00", "type": "freebsd", "title": "fetchmail -- potential crash in -v -v verbose mode (revised patch)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-24T00:00:00", "id": "1E8E63C0-478A-11DD-A88D-000EA69A5213", "href": "https://vuxml.freebsd.org/freebsd/1e8e63c0-478a-11dd-a88d-000ea69a5213.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:28:30", "description": "\n\nMatthias Andree reports:\n\nGunter Nau reported fetchmail crashing on some messages; further\n\t debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic\n\t dug up that this happened when fetchmail was trying to print, in\n\t -v -v verbose level, headers exceeding 2048 bytes. In this\n\t situation, fetchmail would resize the buffer and fill in further\n\t parts of the message, but forget to reinitialize its va_list\n\t typed source pointer, thus reading data from a garbage address found\n\t on the stack at addresses above the function arguments the caller\n\t passed in; usually that would be the caller's stack frame.\n\n\n", "cvss3": {}, "published": "2008-06-13T00:00:00", "type": "freebsd", "title": "fetchmail -- potential crash in -v -v verbose mode", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-13T00:00:00", "id": "168190DF-3E9A-11DD-87BC-000EA69A5213", "href": "https://vuxml.freebsd.org/freebsd/168190df-3e9a-11dd-87bc-000ea69a5213.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:28:30", "description": "\n\nMatthias Andree reports:\n\nMoxie Marlinspike demonstrated in July 2009 that some CAs would\n\t sign certificates that contain embedded NUL characters in the\n\t Common Name or subjectAltName fields of ITU-T X.509\n\t certificates.\nApplications that would treat such X.509 strings as\n\t NUL-terminated C strings (rather than strings that contain an\n\t explicit length field) would only check the part up to and\n\t excluding the NUL character, so that certificate names such as\n\t www.good.example\\0www.bad.example.com would be mistaken as a\n\t certificate name for www.good.example. fetchmail also had this\n\t design and implementation flaw.\n\n\n", "cvss3": {}, "published": "2009-08-06T00:00:00", "type": "freebsd", "title": "fetchmail -- improper SSL certificate subject verification", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-13T00:00:00", "id": "5179D85C-8683-11DE-91B9-0022157515B2", "href": "https://vuxml.freebsd.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-06T15:28:30", "description": "\n\nMatthias Andree reports:\n\nfetchmail will generate warning messages in certain\n\t circumstances (for instance, when leaving oversized messages\n\t on the server or login to the upstream fails) and send them\n\t to the local postmaster or the user running it.\nIf this warning message is then refused by the SMTP listener\n\t that fetchmail is forwarding the message to, fetchmail\n\t crashes and does not collect further messages until it is\n\t restarted.\n\n\n", "cvss3": {}, "published": "2007-07-29T00:00:00", "type": "freebsd", "title": "fetchmail -- denial of service on reject of local warning message", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-07-29T00:00:00", "id": "45500F74-5947-11DC-87C1-000E2E5785AD", "href": "https://vuxml.freebsd.org/freebsd/45500f74-5947-11dc-87c1-000e2e5785ad.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:28:27", "description": "\n\nMatthias Andree reports:\n\nWhen a log message exceeds c. 2 kByte in size, for instance, with very long\n\t header contents, and depending on verbosity option, fetchmail can crash or\n\t misreport each first log message that requires a buffer reallocation.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-07T00:00:00", "type": "freebsd", "title": "fetchmail -- 6.4.19 and older denial of service or information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711", "CVE-2021-36386"], "modified": "2021-08-03T00:00:00", "id": "CBFD1874-EFEA-11EB-8FE9-036BD763FF35", "href": "https://vuxml.freebsd.org/freebsd/cbfd1874-efea-11eb-8fe9-036bd763ff35.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2023-06-06T15:12:40", "description": "New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, and -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n https://vulners.com/cve/CVE-2008-2711\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/fetchmail-6.3.8-i486-3_slack12.1.tgz:\n Patched to fix a possible denial of service when \"-v -v\" options are used.\n For more information, see:\n https://vulners.com/cve/CVE-2008-2711\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.3.8-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.3.8-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.3.8-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/fetchmail-6.3.8-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/fetchmail-6.3.8-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/fetchmail-6.3.8-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fetchmail-6.3.8-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/fetchmail-6.3.8-i486-3_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/fetchmail-6.3.8-i486-3_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.3.8-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\nb5d8c801042c5190ad8915a30dd0a35f fetchmail-6.3.8-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n858b8cbf528801d500db9c8353dffd01 fetchmail-6.3.8-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nd791215ee93508ab8e82a9038a7a838f fetchmail-6.3.8-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\nf30d0eadac70861cd437112f426c97e4 fetchmail-6.3.8-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n64c4a49b7b88e67151cbf9c68b66c64a fetchmail-6.3.8-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n507cd71d2d2fdbcce4b009eb730f12ba fetchmail-6.3.8-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\nc221a17709e63f4a61df34a02c65ff6f fetchmail-6.3.8-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\ne6f9da78a683f27bd4788d391a4d2edd fetchmail-6.3.8-i486-3_slack12.0.tgz\n\nSlackware 12.1 package:\nef59967ab69a16d6b23083691550d53d fetchmail-6.3.8-i486-3_slack12.1.tgz\n\nSlackware -current package:\n0c4c7d0a8d72ef4548bff0c60cdd516a fetchmail-6.3.8-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg fetchmail-6.3.8-i486-3_slack12.1.tgz", "cvss3": {}, "published": "2008-07-29T05:31:09", "type": "slackware", "title": "[slackware-security] fetchmail", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-07-29T05:31:09", "id": "SSA-2008-210-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T07:37:20", "description": "New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\nn/fetchmail-6.3.11-i486-1_slack12.0.tgz: Upgraded.\n This update fixes an SSL NUL prefix impersonation attack through NULs in a\n part of a X.509 certificate's CommonName and subjectAltName fields.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.3.11-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.3.11-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.3.11-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/fetchmail-6.3.11-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/fetchmail-6.3.11-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/fetchmail-6.3.11-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fetchmail-6.3.11-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/fetchmail-6.3.11-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/fetchmail-6.3.11-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/fetchmail-6.3.11-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.3.11-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/fetchmail-6.3.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n62eb603b7595bd47231ef334e3e21bf9 fetchmail-6.3.11-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\nb4e28a6d5b1f6c7981077d095e7d5659 fetchmail-6.3.11-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n4a970c015174591e228d6e971709d6cf fetchmail-6.3.11-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n23aebad2dfee1e170cfd1179afbbe90f fetchmail-6.3.11-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n201a29f85084cf0ba2c9e362ae12cdb1 fetchmail-6.3.11-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n03c425a6c391bbe7d8fe64d97097c664 fetchmail-6.3.11-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n4eb1710ec33b4d2770df6b93734519d0 fetchmail-6.3.11-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n36797994f28beaf9bf8a8bed9e12a144 fetchmail-6.3.11-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n916a5de06359934dd627dad6cc0918aa fetchmail-6.3.11-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\na48d7ec3f5eea1df790221c49600b799 fetchmail-6.3.11-i486-1_slack12.2.tgz\n\nSlackware -current package:\n8a9b73e382b8d9bbb2c1db0ca1759112 fetchmail-6.3.11-i486-1.txz\n\nSlackware64 -current package:\n890c4912a191c6f90df12a2e431ab340 fetchmail-6.3.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg fetchmail-6.3.11-i486-1_slack12.2.tgz", "cvss3": {}, "published": "2009-08-06T01:10:24", "type": "slackware", "title": "fetchmail", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-06T01:10:24", "id": "SSA-2009-218-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-06T14:58:34", "description": "fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode,\nallows remote attackers to cause a denial of service (crash and persistent\nmail failure) via a malformed mail message with long headers, which\ntriggers an erroneous dereference when using vsnprintf to format log\nmessages.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/240549>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | per Debian, http://www.openwall.com/lists/oss-security/2008/06/13/1, -vv is only used for debugging purposes so this does not prevent a victim from getting mails. -vv is not used in non-interactive use.\n", "cvss3": {}, "published": "2008-06-16T00:00:00", "type": "ubuntucve", "title": "CVE-2008-2711", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-16T00:00:00", "id": "UB:CVE-2008-2711", "href": "https://ubuntu.com/security/CVE-2008-2711", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:00:12", "description": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to\ncause a denial of service (NULL dereference and application crash) by\nrefusing certain warning messages that are sent over SMTP.", "cvss3": {}, "published": "2007-08-28T00:00:00", "type": "ubuntucve", "title": "CVE-2007-4565", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-08-28T00:00:00", "id": "UB:CVE-2007-4565", "href": "https://ubuntu.com/security/CVE-2007-4565", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:55:27", "description": "socket.c in fetchmail before 6.3.11 does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an\nX.509 certificate, which allows man-in-the-middle attackers to spoof\narbitrary SSL servers via a crafted certificate issued by a legitimate\nCertification Authority, a related issue to CVE-2009-2408.", "cvss3": {}, "published": "2009-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2666", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2408", "CVE-2009-2666"], "modified": "2009-08-07T00:00:00", "id": "UB:CVE-2009-2666", "href": "https://ubuntu.com/security/CVE-2009-2666", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-06-07T14:54:54", "description": "fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.", "cvss3": {}, "published": "2008-06-16T21:41:00", "type": "debiancve", "title": "CVE-2008-2711", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711"], "modified": "2008-06-16T21:41:00", "id": "DEBIANCVE:CVE-2008-2711", "href": "https://security-tracker.debian.org/tracker/CVE-2008-2711", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T14:54:54", "description": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.", "cvss3": {}, "published": "2007-08-28T01:17:00", "type": "debiancve", "title": "CVE-2007-4565", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-08-28T01:17:00", "id": "DEBIANCVE:CVE-2007-4565", "href": "https://security-tracker.debian.org/tracker/CVE-2007-4565", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:54:37", "description": "socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "cvss3": {}, "published": "2009-08-07T19:00:00", "type": "debiancve", "title": "CVE-2009-2666", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2408", "CVE-2009-2666"], "modified": "2009-08-07T19:00:00", "id": "DEBIANCVE:CVE-2009-2666", "href": "https://security-tracker.debian.org/tracker/CVE-2009-2666", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2023-05-02T17:16:09", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1852-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 7th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : fetchmail\nVulnerability : insufficient input validation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2666\n\nIt was discovered that fetchmail, a full-featured remote mail retrieval\nand forwarding utility, is vulnerable to the "Null Prefix Attacks Against\nSSL/TLS Certificates" recently published at the Blackhat conference.\nThis allows an attacker to perform undetected man-in-the-middle attacks\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\nsubjectAltName or Common Name fields.\n\nNote, as a fetchmail user you should always use strict certificate\nvalidation through either these option combinations:\n sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\nor\n sslcertck sslproto tls1 (for STARTTLS-based services)\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.3.9~rc2-6.\n\n\nWe recommend that you upgrade your fetchmail packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.dsc\n Size/MD5 checksum: 882 5d96480a102ad30f66dbac6bcbae1037\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz\n Size/MD5 checksum: 1680200 04175459cdf32fdb10d9e8fc46b633c3\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.diff.gz\n Size/MD5 checksum: 45665 a51b0544434e51577863032336812bd6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch2_all.deb\n Size/MD5 checksum: 61444 f65648771182f763268cbc7fd643da8b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_alpha.deb\n Size/MD5 checksum: 666592 289c6c238d70e71771d5c0c87b764a87\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_amd64.deb\n Size/MD5 checksum: 649604 8d2e4ff30c29e9e67831ec9aab5a567e\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_arm.deb\n Size/MD5 checksum: 645170 928f041ad7b0311ac0188e4e6ca6256f\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_hppa.deb\n Size/MD5 checksum: 658340 511591dee94637fe440c6a737a3fd880\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_i386.deb\n Size/MD5 checksum: 642772 5ddc7364f8f34b1b12d1e5b17ff9ac6d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_ia64.deb\n Size/MD5 checksum: 700924 6d7f77eca56a191e0fab3bdf8fa98c37\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_powerpc.deb\n Size/MD5 checksum: 647274 771f97aa2d2029135185afcbf05b605c\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_s390.deb\n Size/MD5 checksum: 647026 f2ac2a5ce6f648b7d88948530456d02d\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_sparc.deb\n Size/MD5 checksum: 640688 974ffde76095f1fa184cf1eced7b7dae\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.dsc\n Size/MD5 checksum: 1375 39a3debdf4c4cf3e313c75e5688209ca\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.diff.gz\n Size/MD5 checksum: 46891 a2715b1768546ea2d7a3c8a518aa8188\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2.orig.tar.gz\n Size/MD5 checksum: 1711087 200ece6f73ac28ccda7aea42ea4e492d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.9~rc2-4+lenny1_all.deb\n Size/MD5 checksum: 63124 1cd8fa8a8367a1bc8f1d30ff2d8ff3ee\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_alpha.deb\n Size/MD5 checksum: 680224 1a2ddefc8a90da5e2d31291f1101442c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_amd64.deb\n Size/MD5 checksum: 668616 65015cc17b556da2e44ef1496171e9fd\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_arm.deb\n Size/MD5 checksum: 663090 4b4fccf839ee8b6f1f94a997ac911179\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_armel.deb\n Size/MD5 checksum: 662018 837c3029b01e180f2447ff0f19555dc5\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_hppa.deb\n Size/MD5 checksum: 673570 7dbce7d81c38e4fa9562626610b09f65\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_i386.deb\n Size/MD5 checksum: 657844 a9e357f91278e9108018725c96eeb8ae\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_ia64.deb\n Size/MD5 checksum: 719116 4b2f362a01870c0770f010bcc5012aad\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mips.deb\n Size/MD5 checksum: 664870 2abf34330924241ce890b703709c5895\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mipsel.deb\n Size/MD5 checksum: 663906 88af289787ec5fd46c83f28a0de65849\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_powerpc.deb\n Size/MD5 checksum: 669542 7c9a426df9ef71c0420ccb030e5d422b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_s390.deb\n Size/MD5 checksum: 666976 6aa0fd370bd06f3c39d9230c82cde208\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_sparc.deb\n Size/MD5 checksum: 658912 699f23466f0003f7f38f02111d5a3363\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-08-07T15:31:48", "type": "debian", "title": "[SECURITY] [DSA 1852-1] New fetchmail packages fix SSL certificate verification weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-07T15:31:48", "id": "DEBIAN:DSA-1852-1:8C929", "href": "https://lists.debian.org/debian-security-announce/2009/msg00168.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-02T17:27:09", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1377-2 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nSeptember 21, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : fetchmail\nVulnerability : null pointer dereference\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-4565\n\nMatthias Andree discovered that fetchmail, an SSL enabled POP3, APOP \nand IMAP mail gatherer/forwarder, can under certain circumstances \nattempt to dereference a NULL pointer and crash.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your fetchmail package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb\n Size/MD5 checksum: 641344 2eadc43a18712b3a1763094f7c837475\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2007-09-21T16:43:46", "type": "debian", "title": "[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-21T16:43:46", "id": "DEBIAN:DSA-1377-2:20B24", "href": "https://lists.debian.org/debian-security-announce/2007/msg00145.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-02T17:27:13", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1377 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nSeptember 21, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : fetchmail\nVulnerability : null pointer dereference\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-4565\n\nMatthias Andree discovered that fetchmail, an SSL enabled POP3, APOP \nand IMAP mail gatherer/forwarder, can under certain circumstances \nattempt to dereference a NULL pointer and crash.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your fetchmail package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.diff.gz\n Size/MD5 checksum: 44533 19b72a3a0b2cf08f833ea21c3e18902c\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz\n Size/MD5 checksum: 1680200 04175459cdf32fdb10d9e8fc46b633c3\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.dsc\n Size/MD5 checksum: 874 0aa3d869aba6fdfe87d1c4a626f5380e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch1_all.deb\n Size/MD5 checksum: 61564 f587ce05ee98694f3bd4db0fa88742f7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_amd64.deb\n Size/MD5 checksum: 650278 b00d2237d26d9e588e6c03ad17f79a74\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_arm.deb\n Size/MD5 checksum: 645026 67e5ebf76d55cc857610d3b326784d3c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_hppa.deb\n Size/MD5 checksum: 654006 58d5770e497d405c1e2f867add9d6f87\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_ia64.deb\n Size/MD5 checksum: 700752 df4c57c97970537cb2f6a885bc03e54d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_mips.deb\n Size/MD5 checksum: 650540 49b888adc52c5bf8d4be82c4b51d68f5\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_powerpc.deb\n Size/MD5 checksum: 647060 a278efba96b95e15977628bd85af5c85\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_s390.deb\n Size/MD5 checksum: 646896 e520c2c6febf1e756a75b75cbc06c723\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_sparc.deb\n Size/MD5 checksum: 641102 938f11eb5071c7e141c6ff8795af87e7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2007-09-21T11:28:16", "type": "debian", "title": "[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2007-09-21T11:28:16", "id": "DEBIAN:DSA-1377-1:F4A0B", "href": "https://lists.debian.org/debian-security-announce/2007/msg00144.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:07:44", "description": "\nIt was discovered that fetchmail, a full-featured remote mail retrieval\nand forwarding utility, is vulnerable to the \"Null Prefix Attacks Against\nSSL/TLS Certificates\" recently published at the Blackhat conference.\nThis allows an attacker to perform undetected man-in-the-middle attacks\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\nsubjectAltName or Common Name fields.\n\n\nNote, as a fetchmail user you should always use strict certificate\nvalidation through either these option combinations:\n sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\nor\n sslcertck sslproto tls1 (for STARTTLS-based services)\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.\n\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.3.9~rc2-6.\n\n\nWe recommend that you upgrade your fetchmail packages.\n\n\n", "cvss3": {}, "published": "2009-08-07T00:00:00", "type": "osv", "title": "fetchmail - SSL certificate verification weakness", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2022-08-10T07:07:40", "id": "OSV:DSA-1852-1", "href": "https://osv.dev/vulnerability/DSA-1852-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-21T08:35:13", "description": "\nMatthias Andree discovered that fetchmail, an SSL enabled POP3, APOP \nand IMAP mail gatherer/forwarder, can under certain circumstances \nattempt to dereference a NULL pointer and crash.\n\n\nFor the old stable distribution (sarge), this problem was not present.\n\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.\n\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your fetchmail package.\n\n\n", "cvss3": {}, "published": "2007-09-21T00:00:00", "type": "osv", "title": "fetchmail - null pointer dereference", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4565"], "modified": "2022-07-21T05:46:21", "id": "OSV:DSA-1377-2", "href": "https://osv.dev/vulnerability/DSA-1377-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-06-06T16:22:01", "description": "## Releases\n\n * Ubuntu 9.04 \n * Ubuntu 8.10 \n * Ubuntu 8.04 \n * Ubuntu 6.06 \n\n## Packages\n\n * fetchmail \\- \n\nMatthias Andree discovered that fetchmail did not properly handle \ncertificates with NULL characters in the certificate name. A remote \nattacker could exploit this to perform a machine-in-the-middle attack to \nview sensitive information or alter encrypted communications.\n", "cvss3": {}, "published": "2009-08-12T00:00:00", "type": "ubuntu", "title": "fetchmail vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666"], "modified": "2009-08-12T00:00:00", "id": "USN-816-1", "href": "https://ubuntu.com/security/notices/USN-816-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-06T16:24:04", "description": "## Releases\n\n * Ubuntu 7.04 \n * Ubuntu 6.10 \n * Ubuntu 6.06 \n\n## Packages\n\n * fetchmail \\- \n\nGaetan Leurent discovered a vulnerability in the APOP protocol based \non MD5 collisions. As fetchmail supports the APOP protocol, this \nvulnerability can be used by attackers to discover a portion of the APOP \nuser's authentication credentials. (CVE-2007-1558)\n\nEarl Chew discovered that fetchmail can be made to de-reference a NULL \npointer when contacting SMTP servers. This vulnerability can be used \nby attackers who control the SMTP server to crash fetchmail and cause \na denial of service. (CVE-2007-4565)\n", "cvss3": {}, "published": "2007-09-26T00:00:00", "type": "ubuntu", "title": "fetchmail vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1558", "CVE-2007-4565"], "modified": "2007-09-26T00:00:00", "id": "USN-520-1", "href": "https://ubuntu.com/security/notices/USN-520-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-06T15:04:57", "description": "A flaw was found in fetchmail. The flaw lies in how fetchmail when running in verbose mode using the -v flag tries to log long messages that are created from long headers. An attacker could potentially use this flaw to cause a Denial of Service attack or crash. The highest threat from this vulnerability is to data availability. This flaw was earlier identified by CVE-2008-2711 and fixed, however it recently got reintroduced due to a code refactoring issue. The current bug fix applies a different approach than the earlier one.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-29T16:20:37", "type": "redhatcve", "title": "CVE-2021-36386", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2711", "CVE-2021-36386"], "modified": "2023-04-06T09:11:07", "id": "RH:CVE-2021-36386", "href": "https://access.redhat.com/security/cve/cve-2021-36386", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:37:40", "description": "Subversion is a revision control system, which is mainly used for code development. The ibsvn_delta library is vulnerable to integer overflows while processing svndiff streams, this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with commit access to cause a remote denial-of-service or arbitrary code execution. It can also be exploited in the other direction from a server to a client that tries to do a checkout or update.\n#### Solution\nPlease update.", "cvss3": {}, "published": "2009-08-14T11:06:32", "type": "suse", "title": "remote code execution in subversion", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2411", "CVE-2009-2666"], "modified": "2009-08-14T11:06:32", "id": "SUSE-SA:2009:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00006.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2023-06-06T15:27:47", "description": "### Background\n\nFetchmail is a remote mail retrieval and forwarding utility. \n\n### Description\n\nMultiple vulnerabilities have been reported in Fetchmail: \n\n * The sdump() function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certificate (CVE-2010-0562).\n * The vendor reported that Fetchmail does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666).\n\n### Impact\n\nA remote attacker could entice a user to connect with Fetchmail to a specially crafted SSL-enabled server in verbose mode, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. NOTE: The issue is only existent on platforms on which char is signed. \n\nFurthermore, a remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Fetchmail. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Fetchmail users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/fetchmail-6.3.14\"", "cvss3": {}, "published": "2010-06-01T00:00:00", "type": "gentoo", "title": "Fetchmail: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2666", "CVE-2010-0562"], "modified": "2010-06-01T00:00:00", "id": "GLSA-201006-12", "href": "https://security.gentoo.org/glsa/201006-12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}

fetchmail security update

Description

Related