Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-171-1 fetchmail -- bufferoverløb

Rapporteret den:

7. okt 2002

Berørte pakker:

fetchmail, fetchmail-ssl

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 5825, BugTraq-id 5826, BugTraq-id 5827.
I Mitres CVE-ordbog: CVE-2002-1175, CVE-2002-1174.

Yderligere oplysninger:

Stefan Esser har opdaget flere bufferoverløb og en ikke-fungerende grænsekontrol i fetchmail. Hvis fetchmail kører i "multidrop"-tilstand, kan disse fejl udnyttes af fjernangribere til at få programmet til at gå end, eller til at udføre vilkårlig kode under den brugerid hørende til den bruger som kører fetchmail. Afhængigt af opsætningen kan dette medfør en fjern-root-udnyttelse.

Disse problemer er rettet i version 5.9.11-6.1 i både fetchmail og fetchmail-ssl i den aktuelle stabile distribution (woody), i version 5.3.3-4.2 af fetchmail i den gamle stabile distribution (potato) og i version 6.1.0-1 af både fetchmail og fetchmail-ssl i den ustabile distribution (sid). Der er ingen fetchmail-ssl-pakker til den gamle stabile distribution (potato) og derfor ingen opdateringer.

Vi anbefaler at du omgående opgraderer dine fetchmail-pakker.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.dsc

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.diff.gz

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz

Arkitekturuafhængig komponent:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.2_all.deb

Alpha:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_i386.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_m68k.deb

PowerPC:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_powerpc.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_sparc.deb

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.dsc

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.diff.gz

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.dsc

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.diff.gz

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz

Arkitekturuafhængig komponent:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.1_all.deb

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.9.11-6.1_all.deb

Alpha:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_alpha.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_arm.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_i386.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_ia64.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_ia64.deb

HP Precision:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_hppa.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_m68k.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_mips.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_mipsel.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_powerpc.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_s390.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_sparc.deb

http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français Italiano 日本語 (Nihongo) Português svenska

Sådan opsætter du standardsprogvalg for dokumenter