Slackware Advisory SSA:2004-278-01 Getmail Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-278-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-278-01

Insight

New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-881

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2006-129-01 Apache httpd
Slackware Advisory SSA:2007-093-03 qt
Slackware Advisory SSA:2006-257-02 openssl
Slackware Advisory SSA:2007-066-04 mozilla-thunderbird
Slackware Advisory SSA:2005-278-01 Thunderbird email client

Slackware Advisory SSA:2004-278-01 getmail

Take action and discover your vulnerabilities