Fetchmail是一款多功能的IMAP和POP客户程序。 Fetchmail存在设计问题,远程攻击者可以利用漏洞可能获得用户密码敏感信息。 具体问题如下: -sslcertck/sslfingerprint选项本来必须应用到"sslproto tls1"来迫使使用TLS协商,但程序没有。 -在配置文件中即使使用"sslproto tls1",但如果STLS/STARTTLS没有使用,获取邮件也是明文过程。 -无论TLS选项是否采用,POP3的抓取完全忽略TLS,因为在检查STLS支持前没有可靠的发送CAPA,而CAPA是STLS所必须的。无论CAPA是否检测到,依靠的是"auth"选项。 -POP3可以退回到使用明文密码,即使配置使用了强壮的验证方式。 -如果强壮验证方式或TLS请求提交给POP2,POP2不做任何处理。 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Eric Raymond Fetchmail 6.3.1 -rc1 Eric Raymond Fetchmail 6.3.1 Eric Raymond Fetchmail 6.3 .0 Eric Raymond Fetchmail 6.2.9 -rc6 Eric Raymond Fetchmail 6.2.6 -pre7 Eric Raymond Fetchmail 6.2.5 .5 Eric Raymond Fetchmail 6.2.5 .4 Eric Raymond Fetchmail 6.2.5 .2 Eric Raymond Fetchmail 6.2.5 .1 Eric Raymond Fetchmail 6.2.5 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft...
Fetchmail是一款多功能的IMAP和POP客户程序。 Fetchmail存在设计问题,远程攻击者可以利用漏洞可能获得用户密码敏感信息。 具体问题如下: -sslcertck/sslfingerprint选项本来必须应用到"sslproto tls1"来迫使使用TLS协商,但程序没有。 -在配置文件中即使使用"sslproto tls1",但如果STLS/STARTTLS没有使用,获取邮件也是明文过程。 -无论TLS选项是否采用,POP3的抓取完全忽略TLS,因为在检查STLS支持前没有可靠的发送CAPA,而CAPA是STLS所必须的。无论CAPA是否检测到,依靠的是"auth"选项。 -POP3可以退回到使用明文密码,即使配置使用了强壮的验证方式。 -如果强壮验证方式或TLS请求提交给POP2,POP2不做任何处理。 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Eric Raymond Fetchmail 6.3.1 -rc1 Eric Raymond Fetchmail 6.3.1 Eric Raymond Fetchmail 6.3 .0 Eric Raymond Fetchmail 6.2.9 -rc6 Eric Raymond Fetchmail 6.2.6 -pre7 Eric Raymond Fetchmail 6.2.5 .5 Eric Raymond Fetchmail 6.2.5 .4 Eric Raymond Fetchmail 6.2.5 .2 Eric Raymond Fetchmail 6.2.5 .1 Eric Raymond Fetchmail 6.2.5 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + RedHat Fedora Core4 + RedHat Fedora Core3 + Ubuntu Ubuntu Linux 5.10 powerpc + Ubuntu Ubuntu Linux 5.10 i386 + Ubuntu Ubuntu Linux 5.10 amd64 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Eric Raymond Fetchmail 6.2.4 Eric Raymond Fetchmail 6.2.2 Eric Raymond Fetchmail 6.2 .0 Eric Raymond Fetchmail 6.1.3 + OpenPKG OpenPKG Current Eric Raymond Fetchmail 6.1 .0 + EnGarde Secure Linux 1.0.1 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Single Network Firewall 7.2 Eric Raymond Fetchmail 6.0 .0 Eric Raymond Fetchmail 5.9.14 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Eric Raymond Fetchmail 5.9.13 + OpenPKG OpenPKG 1.1 + S.u.S.E. Linux 8.1 Eric Raymond Fetchmail 5.9.12 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 Eric Raymond Fetchmail 5.9.11 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha Eric Raymond Fetchmail 5.9.10 Eric Raymond Fetchmail 5.9.9 + HP Secure OS software for Linux 1.0 Eric Raymond Fetchmail 5.9.8 Eric Raymond Fetchmail 5.9.7 Eric Raymond Fetchmail 5.9.6 Eric Raymond Fetchmail 5.9.5 + OpenPKG OpenPKG 1.0 Eric Raymond Fetchmail 5.9.4 Eric Raymond Fetchmail 5.9.3 Eric Raymond Fetchmail 5.9.2 Eric Raymond Fetchmail 5.9.1 Eric Raymond Fetchmail 5.9 .0 + Immunix Immunix OS 7+ + RedHat Linux 8.0 i386 + RedHat Linux 8.0 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 alpha + RedHat Linux 7.2 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.1 + RedHat Linux 7.0 sparc + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 7.0 + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + RedHat Linux 6.2 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.3 + Sun Linux 5.0 Eric Raymond Fetchmail 5.8.17 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 Eric Raymond Fetchmail 5.8.16 Eric Raymond Fetchmail 5.8.15 Eric Raymond Fetchmail 5.8.14 Eric Raymond Fetchmail 5.8.13 Eric Raymond Fetchmail 5.8.12 Eric Raymond Fetchmail 5.8.11 Eric Raymond Fetchmail 5.8.10 Eric Raymond Fetchmail 5.8.9 Eric Raymond Fetchmail 5.8.8 Eric Raymond Fetchmail 5.8.7 Eric Raymond Fetchmail 5.8.6 - Apple Mac OS X 10.1 Eric Raymond Fetchmail 5.8.5 Eric Raymond Fetchmail 5.8.4 Eric Raymond Fetchmail 5.8.3 Eric Raymond Fetchmail 5.8.2 Eric Raymond Fetchmail 5.8.1 Eric Raymond Fetchmail 5.8 .0 + S.u.S.E. Linux 7.2 Eric Raymond Fetchmail 5.7.4 - MandrakeSoft Linux Mandrake 8.0 Eric Raymond Fetchmail 5.7.3 Eric Raymond Fetchmail 5.7.2 Eric Raymond Fetchmail 5.7.1 - Debian Linux 2.3 Eric Raymond Fetchmail 5.7 Eric Raymond Fetchmail 5.6.8 Eric Raymond Fetchmail 5.6.7 Eric Raymond Fetchmail 5.6.6 Eric Raymond Fetchmail 5.6.5 + S.u.S.E. Linux 7.1 x86 + S.u.S.E. Linux 7.1 sparc + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha + S.u.S.E. Linux 7.1 Eric Raymond Fetchmail 5.6.4 Eric Raymond Fetchmail 5.6.3 Eric Raymond Fetchmail 5.6.2 Eric Raymond Fetchmail 5.6.1 Eric Raymond Fetchmail 5.6 Eric Raymond Fetchmail 5.5.6 Eric Raymond Fetchmail 5.5.5 - Conectiva Linux 6.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux graficas - Conectiva Linux ecommerce Eric Raymond Fetchmail 5.5.4 Eric Raymond Fetchmail 5.5.3 Eric Raymond Fetchmail 5.5.2 Eric Raymond Fetchmail 5.5.1 Eric Raymond Fetchmail 5.5 + Cobalt Qube 3.0 - Immunix Immunix OS 7.0 beta - Immunix Immunix OS 7.0 Eric Raymond Fetchmail 5.4.5 Eric Raymond Fetchmail 5.4.4 Eric Raymond Fetchmail 5.4.3 Eric Raymond Fetchmail 5.4.2 Eric Raymond Fetchmail 5.4.1 Eric Raymond Fetchmail 5.4 .0 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + EnGarde Secure Linux 1.0.1 - Guardian Digital Engarde Secure Linux 1.0.1 Eric Raymond Fetchmail 5.3.8 Eric Raymond Fetchmail 5.3.7 Eric Raymond Fetchmail 5.3.6 Eric Raymond Fetchmail 5.3.5 Eric Raymond Fetchmail 5.3.4 Eric Raymond Fetchmail 5.3.3 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k Eric Raymond Fetchmail 5.3.2 Eric Raymond Fetchmail 5.3.1 - Immunix Immunix OS 6.2 Eric Raymond Fetchmail 5.3 Eric Raymond Fetchmail 5.2 - SCO eDesktop 2.4 Eric Raymond Fetchmail 5.1 Eric Raymond Fetchmail 5.0 Eric Raymond Fetchmail 6.3.6-rc3 Eric Raymond Fetchmail 6.3.6-rc2 Eric Raymond Fetchmail 6.3.6-rc1 下载安装fetchmail 6.3.6或者之后版本: <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824" target="_blank">http://developer.berlios.de/project/showfiles.php?group_id=1824</a>
