Re: [Eug-lug] Fetchmail, Procmail, And How It All Relates

Fri, 23 Jul 2004 19:27:31 -0700 

Yes, but fetchmail appears more exploitable:
(from the NetBSD Package Collection; ftp.netbsd.org/pub/NetBSD/packages/ )

The following security vulnerabilities are known for mail/fetchmail at Jul 20 01:30
   :
     * fetchmail<5.8.8       has      a      remote-user-access      exploit      (see
       http://www.securityfocus.com/vdb/?id=2877 for more details)
     * fetchmail<5.8.17       has      a      remote-user-shell      exploit      (see
       http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1
       %26mid%3D203165 for more details)
     * fetchmail<5.9.10      has      a      remote-user-access      exploit      (see
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146 for more details)
     * fetchmail<=6.0.0      has      a     remote-code-execution     exploit     (see
       http://security.e-matters.de/advisories/032002.html for more details)
     * fetchmail<6.1.0       has       a      remote-user-shell      exploit      (see
       http://online.securityfocus.com/bid/5825 for more details)
     * fetchmail<6.1.0       has       a      denial-of-service      exploit      (see
       http://online.securityfocus.com/bid/5826 for more details)
     * fetchmail<6.1.0       has       a      remote-user-shell      exploit      (see
       http://online.securityfocus.com/bid/5827 for more details)
     * fetchmail<6.2.0      has      a      remote-code-execution     exploit     (see
       http://security.e-matters.de/advisories/052002.html for more details)
     * fetchmail<6.2.4nb2      has      a      denial-of-service      exploit     (see
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0790 for more details)


The following security vulnerabilities are known for mail/getmail at Jul 20 01:30 :
   (no vulnerabilities known)

Of course fetchmail is more widely used so there's that many more eyes 
looking at it.

Ralph Zeller <[EMAIL PROTECTED]> wrote:

> On 07/23/04 02pm, Jason Van Cleve wrote:
> > If anyone prefers fetchmail to getmail, please say why.
>
> Fetchmail is more time tested and proven?
>
> <quoting from getmail-4/CHANGELOG>
>
> Version 4.0.0a1
> 14 June 2004
>
>   -first alpha release of getmail version 4
>
> Changes since getmail version 3
> -------------------------------
> -complete rewrite
>
> </quote>

--
        new smaller signature here
_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug

Reply via email to