Gentoo Security Advisory GLSA 200409-32 (getmail) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200409-32.

Solution

All getmail users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-mail/getmail-4.2.0' # emerge '>=net-mail/getmail-4.2.0' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-32 http://bugs.gentoo.org/show_bug.cgi?id=64643 http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG http://article.gmane.org/gmane.mail.getmail.user/1430

Insight

getmail contains a vulnerability that could potentially allow any local user to create or overwrite files in any directory on the system. This flaw can be escalated further and possibly lead to a complete system compromise.

Severity

Classification

CVE CVE-2004-0880, CVE-2004-0881

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 201110-19 (xorg-server)
Gentoo Security Advisory GLSA 200506-22 (sudo)
Gentoo Security Advisory GLSA 200709-11 (gdm)
Gentoo Security Advisory GLSA 201006-08 (nano)
Gentoo Security Advisory GLSA 200506-23 (clamav)

Take action and discover your vulnerabilities