ID de Prueba:	1.3.6.1.4.1.25623.1.0.58384
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:105 (fetchmail)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to fetchmail announced via advisory MDKSA-2007:105. The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge, rather than insisting it conform to RFC-822 specifications. As a result of this flaw, it made man-in-the-middle attacks easier than necessary to retrieve the first few characters of the APOP secret, allowing them to potentially brute force the remaining characters easier than should be possible. Updated packages have been patched to prevent these issues, however it should be noted that the APOP MD5-based authentication scheme should no longer be considered secure. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:105 http://www.fetchmail.info/fetchmail-SA-2007-01.txt Risk factor : Medium CVSS Score: 2.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1558 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23257 http://www.securityfocus.com/bid/23257 Bugtraq: 20070402 APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464477/30/0/threaded Bugtraq: 20070403 Re: APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464569/100/0/threaded Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search) http://www.securityfocus.com/archive/1/470172/100/200/threaded Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471455/100/0/threaded Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471720/100/0/threaded Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search) http://www.securityfocus.com/archive/1/471842/100/0/threaded Cert/CC Advisory: TA07-151A http://www.us-cert.gov/cas/techalerts/TA07-151A.html Debian Security Information: DSA-1300 (Google Search) http://www.debian.org/security/2007/dsa-1300 Debian Security Information: DSA-1305 (Google Search) http://www.debian.org/security/2007/dsa-1305 http://security.gentoo.org/glsa/glsa-200706-06.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html http://www.openwall.com/lists/oss-security/2009/08/15/1 http://www.openwall.com/lists/oss-security/2009/08/18/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 http://www.redhat.com/support/errata/RHSA-2007-0344.html http://www.redhat.com/support/errata/RHSA-2007-0353.html http://www.redhat.com/support/errata/RHSA-2007-0385.html http://www.redhat.com/support/errata/RHSA-2007-0386.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.securitytracker.com/id?1018008 http://secunia.com/advisories/25353 http://secunia.com/advisories/25402 http://secunia.com/advisories/25476 http://secunia.com/advisories/25496 http://secunia.com/advisories/25529 http://secunia.com/advisories/25534 http://secunia.com/advisories/25546 http://secunia.com/advisories/25559 http://secunia.com/advisories/25664 http://secunia.com/advisories/25750 http://secunia.com/advisories/25798 http://secunia.com/advisories/25858 http://secunia.com/advisories/25894 http://secunia.com/advisories/26083 http://secunia.com/advisories/26415 http://secunia.com/advisories/35699 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SuSE Security Announcement: SUSE-SA:2007:036 (Google Search) http://www.novell.com/linux/security/advisories/2007_36_mozilla.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.trustix.org/errata/2007/0019/ http://www.trustix.org/errata/2007/0024/ http://www.ubuntu.com/usn/usn-469-1 http://www.ubuntu.com/usn/usn-520-1 http://www.vupen.com/english/advisories/2007/1466 http://www.vupen.com/english/advisories/2007/1467 http://www.vupen.com/english/advisories/2007/1468 http://www.vupen.com/english/advisories/2007/1480 http://www.vupen.com/english/advisories/2007/1939 http://www.vupen.com/english/advisories/2007/1994 http://www.vupen.com/english/advisories/2007/2788 http://www.vupen.com/english/advisories/2008/0082
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.