5 - USN-520-1

Executive Summary

Summary
Title	fetchmail vulnerabilities

Informations
Name	USN-520-1	First vendor Publication	2007-09-26
Vendor	Ubuntu	Last vendor Modification	2007-09-26
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
fetchmail 6.3.2-2ubuntu2.2

Ubuntu 6.10:
fetchmail 6.3.4-1ubuntu4.2

Ubuntu 7.04:
fetchmail 6.3.6-1ubuntu2.1

In general, a standard system upgrade is sufficient to affect the necessary changes.

Details follow:

Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. (CVE-2007-1558)

Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service. (CVE-2007-4565)

Original Source

Url : http://www.ubuntu.com/usn/USN-520-1

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10528

Oval ID:	oval:org.mitre.oval:def:10528
Title:	sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Description:	sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4565	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND fetchmail is earlier than 0:6.2.0-3.el3.5 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND fetchmail is earlier than 0:6.2.5-6.0.1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND fetchmail is earlier than 0:6.3.6-1.1.el5_3.1

Definition Id: oval:org.mitre.oval:def:17131

Oval ID:	oval:org.mitre.oval:def:17131
Title:	USN-520-1 -- fetchmail vulnerabilities
Description:	Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions.
Family:	unix	Class:	patch
Reference(s):	USN-520-1 CVE-2007-1558 CVE-2007-4565	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04	Product(s):	fetchmail
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND fetchmail DPKG is earlier than 6.3.2-2ubuntu2.2 AND Release section Ubuntu 6.10 is installed AND fetchmail DPKG is earlier than 6.3.4-1ubuntu4.2 AND Release section Ubuntu 7.04 is installed AND fetchmail DPKG is earlier than 6.3.6-1ubuntu2.1

Definition Id: oval:org.mitre.oval:def:20221

Oval ID:	oval:org.mitre.oval:def:20221
Title:	DSA-1377-2 fetchmail - null pointer dereference
Description:	Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
Family:	unix	Class:	patch
Reference(s):	DSA-1377-2 CVE-2007-4565	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	fetchmail
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND fetchmail DPKG is earlier than 0:6.3.6-1etch1

Definition Id: oval:org.mitre.oval:def:22506

Oval ID:	oval:org.mitre.oval:def:22506
Title:	ELSA-2007:0385: fetchmail security update (Moderate)
Description:	The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0385-03 CVE-2007-1558	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	fetchmail
Definition Synopsis:
Oracle Linux 5.x AND fetchmail is earlier than 0:6.3.6-1.0.1.el5

Definition Id: oval:org.mitre.oval:def:22650

Oval ID:	oval:org.mitre.oval:def:22650
Title:	ELSA-2007:0344: evolution-data-server security update (Moderate)
Description:	The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0344-01 CVE-2007-1558	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	evolution-data-server
Definition Synopsis:
Oracle Linux 5.x rpm test evolution-data-server is earlier than 0:1.8.0-15.0.3.el5 AND evolution-data-server-devel is earlier than 0:1.8.0-15.0.3.el5

Definition Id: oval:org.mitre.oval:def:9782

Oval ID:	oval:org.mitre.oval:def:9782
Title:	The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Description:	The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1558	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.1.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.1.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.1.el3 AND seamonkey is earlier than 0:1.0.9-0.1.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.1.el3 AND evolution is earlier than 0:1.4.5-20.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.1.el3 AND fetchmail is earlier than 0:6.2.0-3.el3.4 AND mutt is earlier than 5:1.4.1-5.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.1.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.1.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.1.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.1.el3 AND evolution-devel is earlier than 0:1.4.5-20.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-js-debugger is earlier than 0:1.0.9-2.el4 AND seamonkey-nss-devel is earlier than 0:1.0.9-2.el4 AND irb is earlier than 0:1.8.1-7.el4_8.3 AND seamonkey-nss is earlier than 0:1.0.9-2.el4 AND devhelp-devel is earlier than 0:0.10-0.8.el4 AND ruby-docs is earlier than 0:1.8.1-7.el4_8.3 AND ruby-mode is earlier than 0:1.8.1-7.el4_8.3 AND seamonkey-nspr is earlier than 0:1.0.9-2.el4 AND ruby-devel is earlier than 0:1.8.1-7.el4_8.3 AND thunderbird is earlier than 0:1.5.0.12-0.1.el4 AND ruby is earlier than 0:1.8.1-7.el4_8.3 AND ruby-libs is earlier than 0:1.8.1-7.el4_8.3 AND seamonkey is earlier than 0:1.0.9-2.el4 AND seamonkey-nspr-devel is earlier than 0:1.0.9-2.el4 AND devhelp is earlier than 0:0.10-0.8.el4 AND evolution is earlier than 0:2.0.2-35.0.2.el4 AND seamonkey-mail is earlier than 0:1.0.9-2.el4 AND mutt is earlier than 5:1.4.1-12.0.3.el4 AND fetchmail is earlier than 0:6.2.5-6.0.1.el4 AND ruby-tcltk is earlier than 0:1.8.1-7.el4_8.3 AND seamonkey-chat is earlier than 0:1.0.9-2.el4 AND seamonkey-devel is earlier than 0:1.0.9-2.el4 AND seamonkey-dom-inspector is earlier than 0:1.0.9-2.el4 AND evolution-devel is earlier than 0:2.0.2-35.0.2.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section ruby-ri is earlier than 0:1.8.5-5.el5_3.7 AND ruby-mode is earlier than 0:1.8.5-5.el5_3.7 AND ruby-docs is earlier than 0:1.8.5-5.el5_3.7 AND ruby-devel is earlier than 0:1.8.5-5.el5_3.7 AND thunderbird is earlier than 0:1.5.0.12-1.el5 AND ruby is earlier than 0:1.8.5-5.el5_3.7 AND ruby-libs is earlier than 0:1.8.5-5.el5_3.7 AND evolution-data-server-devel is earlier than 0:1.8.0-15.0.3.el5 AND evolution-data-server is earlier than 0:1.8.0-15.0.3.el5 AND fetchmail is earlier than 0:6.3.6-1.0.1.el5 AND mutt is earlier than 5:1.4.2.2-3.0.2.el5 AND ruby-tcltk is earlier than 0:1.8.5-5.el5_3.7 AND ruby-rdoc is earlier than 0:1.8.5-5.el5_3.7 AND ruby-irb is earlier than 0:1.8.5-5.el5_3.7

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apop Protocol cpe:2.3:a:apop_protocol:apop_protocol::::::::	1
Application	Fetchmail cpe:2.3:a:fetchmail:fetchmail:6.3.9:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.9:rc2:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.8:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.7:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.6:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5:::::: cpe:2.3:a:fetchmail:fetchmail:6.3.5:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.4:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.3:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.2:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.1:::::::* cpe:2.3:a:fetchmail:fetchmail:6.3.0:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8:::::: cpe:2.3:a:fetchmail:fetchmail:6.2.5.4:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.5.1:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.5:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.4:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.3:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.2:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.1:::::::* cpe:2.3:a:fetchmail:fetchmail:6.2.0:::::::* cpe:2.3:a:fetchmail:fetchmail:6.1.3:::::::* cpe:2.3:a:fetchmail:fetchmail:6.1.0:::::::* cpe:2.3:a:fetchmail:fetchmail:6.0.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.9:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.8:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.5:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.13:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.11:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.10:::::::* cpe:2.3:a:fetchmail:fetchmail:5.9.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.6:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.5:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.2:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.17:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.14:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.13:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.11:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8.1:::::::* cpe:2.3:a:fetchmail:fetchmail:5.8:::::::* cpe:2.3:a:fetchmail:fetchmail:5.7.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.7.2:::::::* cpe:2.3:a:fetchmail:fetchmail:5.7.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.6.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.5.6:::::::* cpe:2.3:a:fetchmail:fetchmail:5.5.5:::::::* cpe:2.3:a:fetchmail:fetchmail:5.5.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.5.2:::::::* cpe:2.3:a:fetchmail:fetchmail:5.5.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.4.5:::::::* cpe:2.3:a:fetchmail:fetchmail:5.4.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.4.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.4.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.3.8:::::::* cpe:2.3:a:fetchmail:fetchmail:5.3.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.3.1:::::::* cpe:2.3:a:fetchmail:fetchmail:5.3.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.8:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.7:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.1:::::::* cpe:2.3:a:fetchmail:fetchmail:5.2.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.1.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.1.0:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.8:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.7:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.6:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.5:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.4:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.3:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.2:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.1:::::::* cpe:2.3:a:fetchmail:fetchmail:5.0.0:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.7:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.6:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.5:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.4:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.3:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.2:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.1:::::::* cpe:2.3:a:fetchmail:fetchmail:4.7.0:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.9:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.8:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.7:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.6:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.5:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.4:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.3:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.2:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.1:::::::* cpe:2.3:a:fetchmail:fetchmail:4.6.0:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.8:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.7:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.6:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.5:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.4:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.3:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.2:::::::* cpe:2.3:a:fetchmail:fetchmail:4.5.1:::::::* cpe:2.3:a:fetchmail:fetchmail::::::::	118

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for fetchmail CESA-2009:1427 centos5 i386 File : nvt/gb_CESA-2009_1427_fetchmail_centos5_i386.nasl
2011-08-09	Name : CentOS Update for fetchmail CESA-2009:1427 centos4 i386 File : nvt/gb_CESA-2009_1427_fetchmail_centos4_i386.nasl
2011-08-09	Name : CentOS Update for ruby CESA-2009:1140 centos5 i386 File : nvt/gb_CESA-2009_1140_ruby_centos5_i386.nasl
2011-08-09	Name : CentOS Update for fetchmail CESA-2009:1427 centos3 i386 File : nvt/gb_CESA-2009_1427_fetchmail_centos3_i386.nasl
2010-05-12	Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for mutt File : nvt/sles10_mutt0.nasl
2009-10-13	Name : SLES10: Security update for fetchmail File : nvt/sles10_fetchmail0.nasl
2009-10-10	Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5016317.nasl
2009-10-10	Name : SLES9: Security update for fetchmail File : nvt/sles9p5015579.nasl
2009-09-15	Name : CentOS Security Advisory CESA-2009:1427 (fetchmail) File : nvt/ovcesa2009_1427.nasl
2009-09-09	Name : RedHat Security Advisory RHSA-2009:1427 File : nvt/RHSA_2009_1427.nasl
2009-07-06	Name : RedHat Security Advisory RHSA-2009:1140 File : nvt/RHSA_2009_1140.nasl
2009-07-06	Name : CentOS Security Advisory CESA-2009:1140 (ruby) File : nvt/ovcesa2009_1140.nasl
2009-05-05	Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl
2009-04-09	Name : Mandriva Update for evolution MDKSA-2007:107 (evolution) File : nvt/gb_mandriva_MDKSA_2007_107.nasl
2009-04-09	Name : Mandriva Update for fetchmail MDKSA-2007:179 (fetchmail) File : nvt/gb_mandriva_MDKSA_2007_179.nasl
2009-04-09	Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:131 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_131.nasl
2009-04-09	Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:119 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_119.nasl
2009-04-09	Name : Mandriva Update for mutt MDKSA-2007:113 (mutt) File : nvt/gb_mandriva_MDKSA_2007_113.nasl
2009-04-09	Name : Mandriva Update for fetchmail MDKSA-2007:105 (fetchmail) File : nvt/gb_mandriva_MDKSA_2007_105.nasl
2009-03-23	Name : Ubuntu Update for fetchmail vulnerabilities USN-520-1 File : nvt/gb_ubuntu_USN_520_1.nasl
2009-03-23	Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-469-1 File : nvt/gb_ubuntu_USN_469_1.nasl
2009-02-27	Name : Fedora Update for devhelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_devhelp_fc5.nasl
2009-02-27	Name : Fedora Update for mutt FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_mutt_fc7.nasl
2009-02-27	Name : Fedora Update for thunderbird FEDORA-2007-0544 File : nvt/gb_fedora_2007_0544_thunderbird_fc7.nasl
2009-02-27	Name : Fedora Update for balsa FEDORA-2007-1447 File : nvt/gb_fedora_2007_1447_balsa_fc7.nasl
2009-02-27	Name : Fedora Update for fetchmail FEDORA-2007-1983 File : nvt/gb_fedora_2007_1983_fetchmail_fc7.nasl
2009-02-27	Name : Fedora Update for mutt FEDORA-2007-539 File : nvt/gb_fedora_2007_539_mutt_fc6.nasl
2009-02-27	Name : Fedora Update for mutt FEDORA-2007-540 File : nvt/gb_fedora_2007_540_mutt_fc5.nasl
2009-02-27	Name : Fedora Update for thunderbird FEDORA-2007-550 File : nvt/gb_fedora_2007_550_thunderbird_fc6.nasl
2009-02-27	Name : Fedora Update for fetchmail FEDORA-2007-689 File : nvt/gb_fedora_2007_689_fetchmail_fc6.nasl
2009-02-27	Name : Fedora Update for yelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_yelp_fc5.nasl
2009-02-27	Name : Fedora Update for seamonkey FEDORA-2007-552 File : nvt/gb_fedora_2007_552_seamonkey_fc5.nasl
2009-02-27	Name : Fedora Update for epiphany FEDORA-2007-552 File : nvt/gb_fedora_2007_552_epiphany_fc5.nasl
2009-02-27	Name : Fedora Update for thunderbird FEDORA-2007-551 File : nvt/gb_fedora_2007_551_thunderbird_fc5.nasl
2009-01-28	Name : SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036 File : nvt/gb_suse_2007_036.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200706-06 (mozilla/thunderbird/firefox/xulrunner) File : nvt/glsa_200706_06.nasl
2008-09-04	Name : FreeBSD Ports: claws-mail File : nvt/freebsd_claws-mail0.nasl
2008-09-04	Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail9.nasl
2008-09-04	Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail8.nasl
2008-01-17	Name : Debian Security Advisory DSA 1377-2 (fetchmail) File : nvt/deb_1377_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1377-1 (fetchmail) File : nvt/deb_1377_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1305-1 (icedove) File : nvt/deb_1305_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1300-1 (iceape) File : nvt/deb_1300_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-152-02 firefox-seamonkey-thunderbird File : nvt/esoft_slk_ssa_2007_152_02.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
45833	Fetchmail SMTP Warning Message Refusal DoS
34856	APOP Protocol MiTM Crafted IDs/MD5 Collision Cleartext Password Fragment Disc...

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0344.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0402.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1140.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1427.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0401.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0353.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0385.nasl - Type : ACT_GATHER_INFO
2012-09-24	Name : The remote Fedora host is missing a security update. File : fedora_2007-0002.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090908_fetchmail_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090702_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20070607_fetchmail_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20070604_mutt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_evolution_data_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20070530_Thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070517_evolution_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1140.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11814.nasl - Type : ACT_GATHER_INFO
2009-09-09	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1427.nasl - Type : ACT_GATHER_INFO
2009-09-09	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1427.nasl - Type : ACT_GATHER_INFO
2009-07-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1140.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-131.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fetchmail-4462.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mutt-3752.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-469-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-520-1.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-1983.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-1447.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-0544.nasl - Type : ACT_GATHER_INFO
2007-10-25	Name : The remote openSUSE host is missing a security update. File : suse_fetchmail-4490.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3632.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3631.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_mutt-3751.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_mutt-3702.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3545.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3546.nasl - Type : ACT_GATHER_INFO
2007-09-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1377.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-179.nasl - Type : ACT_GATHER_INFO
2007-09-05	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-689.nasl - Type : ACT_GATHER_INFO
2007-09-05	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_45500f74594711dc87c1000e2e5785ad.nasl - Type : ACT_GATHER_INFO
2007-06-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-06.nasl - Type : ACT_GATHER_INFO
2007-06-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1305.nasl - Type : ACT_GATHER_INFO
2007-06-14	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-119.nasl - Type : ACT_GATHER_INFO
2007-06-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1300.nasl - Type : ACT_GATHER_INFO
2007-06-07	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0385.nasl - Type : ACT_GATHER_INFO
2007-06-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0385.nasl - Type : ACT_GATHER_INFO
2007-06-05	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-113.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-02.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-552.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-550.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-551.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0386.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-540.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0344.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0344.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO
2007-06-01	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-539.nasl - Type : ACT_GATHER_INFO
2007-05-31	Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_109.nasl - Type : ACT_GATHER_INFO
2007-05-31	Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15012.nasl - Type : ACT_GATHER_INFO
2007-05-25	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2007-005.nasl - Type : ACT_GATHER_INFO
2007-05-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0353.nasl - Type : ACT_GATHER_INFO
2007-05-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0353.nasl - Type : ACT_GATHER_INFO
2007-05-20	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-105.nasl - Type : ACT_GATHER_INFO
2007-05-20	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-107.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c389d06dee5711dbbd510016179b2dd5.nasl - Type : ACT_GATHER_INFO
2007-04-10	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f1c4d133e6d311db99ea0060084a00e5.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:04:39	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	6
CPE ID(s)	119
osvdb(s)	2
Openvas Exploit(s)	46
Nessus® Exploit(s)	72

	Related
5	CVE-2007-4565
2.6	CVE-2007-1558
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

5 - USN-520-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU