Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Mandriva: Updated fetchmail packages fix DoS vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Mandriva: Updated fetchmail packages fix DoS vulnerability
# 1  
Old 06-20-2008
Mandriva: Updated fetchmail packages fix DoS vulnerability
LinuxSecurity.com: A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed message with long headers. The crash only occured when fetchmail was called in '-v -v' mode (CVE-2008-2711). The updated packages have been patched to prevent this issue.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

mailcheck

MAILCHECK(1)						      General Commands Manual						      MAILCHECK(1)

NAME

       mailcheck - Check multiple mailboxes and/or Maildirs for new mail

SYNOPSIS

       mailcheck [-lbcsh] [-f rcfile]

DESCRIPTION

       mailcheck  is  a simple, configurable tool that allows multiple mailboxes to be checked for the existence of mail.  For local mail, it sup-
       ports both the traditional mbox format and the newer Maildir format.  Mail can also be checked for on remote servers using either the  POP3
       or IMAP protocol.

       Typically,  one	would  invoke mailcheck in /etc/profile or a user-specific login script.  E-mail junkies may also find it useful to invoke
       mailcheck occasionally to check for new mail in alternate mailboxes.

       The author uses mailcheck to keep track of messages arriving in mailboxes corresponding to several mailing lists he subscribes to.

OPTIONS

       -l     Runs mailcheck in login mode.  If a ~/.hushlogin file exists, mailcheck will exit silently.  This option is intended to be  used	on
	      systems that invoke mailcheck from a global login script such as /etc/profile.

       -b     Brief  mode.   Produces less verbose output.  If mailbox or Maildir is inside user's home direcory, only relative path is printed to
	      output.

       -c     Use more advanced counting method.  While counting mails, mailcheck looks inside mboxes and Maildirs and count new and  unread  mes-
	      sages  separately.   If  mbox/maildir  does not contain any new or unread mail, it's excluded from report.  Produced output contains
	      more valuable information, but this method is more time-consuming.

       -s     Print "no mail" summary.	If no new mail message is found, print at least "no mail message" at the end.  Only makes sense in  combi-
	      nation with -c.

       -f     Specify alternative rc file location.  If provided, default locations (see FILES) are not checked.

       -h     Print short usage information.

CONFIGURATION

       Configuring  mailcheck is simple.  Upon startup, mailcheck looks for a file called .mailcheckrc in the user's home directory.  If that file
       does not exist, the default configuration file /etc/mailcheckrc is used instead.

       Lines beginning with a hash sign (#) are treated as comments and will not be processed.	Lines beginning with pop3:  or	imap:  are  parsed
       like URLs and used to connect to network mail servers.  All other lines are treated as pathnames to mailbox files or Maildir directories.

       Environment variables in the format $(NAME) will be expanded inline.  For example:

       /var/spool/mail/$(USER)
	      Will check the user's mailbox in /var/spool/mail.

       $(HOME)/Mailbox
	      Will check the default mailbox used by qmail installations.

       When  connecting  to  POP3  or  IMAP  servers, the account password is not stored in the mailcheckrc file.  Instead, the .netrc file in the
       user's home directory is used.  This file, originally intended for use with ftp(1) and later used by fetchmail(1), should be readable  only
       by the user owning it.  It stores server/user/password combinations in the form:

       machine servername login username password password

FILES

       /etc/mailcheckrc
	      This  is	the  site-default mailcheck configuration file.  It should be edited by the system administrator to meet the needs of most
	      users on the system.

       ~/.mailcheckrc
	      This is the user-specific mailcheck configuration file.  If it exists for a particular user,  the  site-default  configuration  file
	      will not be used.

       ~/.netrc
	      This tells mailcheck what password to use for a given server/user combination when checking POP3 or IMAP mail.

COPYRIGHT

       Copyright (C) 1996, 1997, 1998, 2001, Jefferson E. Noxon.

       Portions Copyright (C) 1996, Free Software Foundation, Inc.

       Portions Copyright (C) 1996, Gordon Matzigkeit.

       Portions Copyright (C) 1998, Trent Piepho.

       Other copyrights may apply.

       This  program  is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       On Debian GNU/Linux see /usr/share/common-licenses/GPL

AUTHOR

       Mailcheck was written for Debian GNU/Linux by Jefferson E. Noxon <jeff@planetfall.com>.

ACKNOWLEDGEMENTS

       POP3 and IMAP support was added by Rob Funk <rfunk@funknet.net>.

       Several enhancements by Tomas Hoger <thoger@pobox.sk>.

BUGS

       It is probably not a good idea to store passwords in a .netrc file.

       No SSL/TLS support for POP3 and IMAP.

SEE ALSO

       netrc(5), mbox(5), maildir(5), login(1), fetchmail(1)

								    2 July 2005 						      MAILCHECK(1)