SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!

SecurityTracker
Archives
Category:   Application (E-mail Server)  >   Fetchmail
Vendors:   Raymond, Eric S.
Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
SecurityTracker Alert ID:  1001757
SecurityTracker URL:  http://securitytracker.com/id/1001757
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 15 2001
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.6.8-2 for Null crash; 5.7.1-2 for SPAM crash; possibly others
Description:   A vulnerability has been reported in the Fetchmail remote mail retrieval software. A remote user can send an e-mail with a long "To:" header that will cause Fetchmail to crash.

Fetchmail reportedly contains a buffer overflow in the handling of headers. It may be possible to exploit this overflow to execute arbitrary code with the privileges of the fetchmail daemon, but this was not confirmed.

If a remote user sends e-mail with a large "To:" line (greater than 25000 characters), Fetchmail will crash with a segmentation fault.

Impact:   A remote user can cause the Fetchmail daemon to crash.
Solution:   The vendor has fixed the problem in versions 5.8.5-2 and 5.8.6-1.
Vendor URL:  www.tuxedo.org/~esr/fetchmail/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)
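The advisory classifies the cause as a boundary error: a header field is copied into a fixed-size buffer without checking that it fits, so a "To:" line of roughly 25000 characters overruns the buffer and the process dies with a segmentation fault. The following is an added example, not fetchmail's code and not part of this alert; it shows the defensive pattern that closes that class of defect. A header value is collected (with RFC 822 folded continuation lines joined) only while it fits in the buffer, and an over-long field is reported to the caller instead of being written past the end. The limit HDR_MAX, the function names and the sample messages are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Assumed per-field limit for this example; real mail software picks its own.
 * Anything that does not fit is reported, never copied past the end. */
#define HDR_MAX 1024

enum hdr_status { HDR_OK = 0, HDR_TOO_LONG = 1, HDR_NOT_FOUND = 2 };

/* Append len bytes of src to buf (capacity cap, *used bytes filled so far).
 * Returns -1 and copies nothing if the data plus a NUL would not fit: this is
 * the check a "boundary error" in a header handler lacks. */
static int bounded_append(char *buf, size_t cap, size_t *used,
                          const char *src, size_t len)
{
    if (len > cap - 1 - *used)
        return -1;
    memcpy(buf + *used, src, len);
    *used += len;
    buf[*used] = '\0';
    return 0;
}

/* Collect the unfolded value of header field 'name' (case-insensitive) from an
 * RFC 822 style message into out[cap]. Continuation lines (leading SP or TAB)
 * are joined onto the value; the header block ends at the first blank line. */
enum hdr_status collect_header(const char *msg, const char *name,
                               char *out, size_t cap)
{
    size_t nlen = strlen(name), used = 0;
    int in_field = 0;
    const char *p = msg;

    out[0] = '\0';
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t body = eol ? (size_t)(eol - p) : strlen(p);
        if (body && p[body - 1] == '\r')
            body--;                          /* drop the CR of CRLF */
        if (body == 0)
            break;                           /* blank line: end of headers */

        if (in_field && (p[0] == ' ' || p[0] == '\t')) {
            /* folded continuation of the field being collected */
            if (bounded_append(out, cap, &used, p, body) != 0)
                return HDR_TOO_LONG;
        } else if (in_field) {
            return HDR_OK;                   /* next field starts: done */
        } else if (body > nlen && p[nlen] == ':' &&
                   strncasecmp(p, name, nlen) == 0) {
            const char *v = p + nlen + 1;
            size_t vlen = body - nlen - 1;
            while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            in_field = 1;
            if (bounded_append(out, cap, &used, v, vlen) != 0)
                return HDR_TOO_LONG;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return in_field ? HDR_OK : HDR_NOT_FOUND;
}

/* Wrappers over a fixed HDR_MAX buffer, returning only what a caller would
 * log or act on. */
enum hdr_status to_header_status(const char *msg)
{
    char buf[HDR_MAX];
    return collect_header(msg, "To", buf, sizeof buf);
}

size_t to_header_length(const char *msg)
{
    char buf[HDR_MAX];
    if (collect_header(msg, "To", buf, sizeof buf) != HDR_OK)
        return 0;
    return strlen(buf);
}

/* Build a constructed message whose To: value is value_len bytes of 'a' and
 * report how the bounded collector handles it (no real traffic involved). */
enum hdr_status long_to_status(size_t value_len)
{
    char *m = malloc(value_len + 16);
    enum hdr_status st;
    if (!m)
        return HDR_TOO_LONG;                 /* allocation failure: reject */
    memcpy(m, "To: ", 4);
    memset(m + 4, 'a', value_len);
    memcpy(m + 4 + value_len, "\r\n\r\n", 5); /* 5 bytes includes the NUL */
    st = to_header_status(m);
    free(m);
    return st;
}

/* Constructed sample messages. */
static const char SAMPLE_OK[] =
    "From: alice@example.com\r\n" "To: bob@example.com\r\n"
    "Subject: hello\r\n" "\r\n" "body\r\n";
static const char SAMPLE_FOLDED[] =
    "To: bob@example.com,\r\n" "\tcarol@example.com\r\n"
    "Subject: hi\r\n" "\r\n";

int main(void)
{
    printf("normal To:     status %d, length %zu\n",
           to_header_status(SAMPLE_OK), to_header_length(SAMPLE_OK));
    printf("folded To:     status %d, length %zu\n",
           to_header_status(SAMPLE_FOLDED), to_header_length(SAMPLE_FOLDED));
    printf("25000-byte To: status %d (1 = rejected as too long)\n",
           long_to_status(25000));
    return 0;
}
```

With a 1024-byte buffer the 25000-character case the alert describes is refused cleanly, and a caller that logs HDR_TOO_LONG together with the sender gets a usable detection signal for this kind of malformed mail. Note that the size check happens before every copy, including folded continuation lines, because an attacker-controlled header can be split across as many lines as the sender likes.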

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Debian Releases Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (Wichert Akkerman <wichert@cistron.nl>)
Debian has released a fix.
(Conectiva Issues Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (secure@conectiva.com.br)
Conectiva has issued a fix.
(Caldera Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (Support Info <supinfo@caldera.com>)
The vendor has released a fix.
(EnGarde Linux Issues a Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (EnGarde Secure Linux <security@guardiandigital.com>)
The OS vendor has issued a fix.
(Mandrake Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (Linux Mandrake Security Team <security@linux-mandrake.com>)
The vendor has released a fix.
(FreeBSD Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents   (FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>)
The vendor has released a fix.



 Source Message Contents

Date:  Thu, 14 Jun 2001 16:54:35 -0700
Subject:  fetchmail update -- Immunix OS 6.2, 7.0-beta, 7.0



-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	fetchmail
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:		immunix/1618
Date:			Wed Jun 13 2001
Advisory ID:		IMNX-2001-70-025-01
Author:			Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  Fetchmail, as shipped with Immunix OS 6.2 and 7.0, contains a buffer
  overflow in the handling of headers. StackGuard will prevent exploits
  from granting privileges; however, denial of service attacks are
  possible.

  References:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=100394

  Thanks go to Wolfram Kleff for finding this problem and Henrique de
  Moraes Holschuh for supplying a fix.

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmail-5.3.1-2_StackGuard.i386.rpm
http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmailconf-5.3.1-2_StackGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/fetchmail-5.3.1-2_StackGuard.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmail-5.5.0-4_imnx.i386.rpm
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmailconf-5.5.0-4_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/fetchmail-5.5.0-4_imnx.src.rpm

md5sums of the packages:
6.2:
  ea10b64694935dd20be38df09924736a  RPMS/fetchmail-5.3.1-2_StackGuard.i386.rpm
  fdebb78fcabdc43a811f9ed546252850  RPMS/fetchmailconf-5.3.1-2_StackGuard.i386.rpm
  eb7af556575d1d0e6e59976aa5b09730  SRPMS/fetchmail-5.3.1-2_StackGuard.src.rpm

7.0:
  e8169308534f68bc978ed2c1bc0aeeca  RPMS/fetchmail-5.5.0-4_imnx.i386.rpm
  242f4aa0fe21c71f1ddce4cf5c6cb0a0  RPMS/fetchmailconf-5.5.0-4_imnx.i386.rpm
  c8c4069439fe66caf013fea502947ada  SRPMS/fetchmail-5.5.0-4_imnx.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjspTroACgkQVQcWL60UVMuDaACfSKjU0Te0cUDHmhZ4A+wjVJpS
QxUAnR7lh2XJv6ry/uVrtTDbSaa7m3Dr
=GGjX
-----END PGP SIGNATURE-----



Copyright 2013, SecurityGlobal.net LLC