SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Client)  >   Fetchmail Vendors:   Raymond, Eric S.
Fetchmail Can Be Crashed By Remote Users Sending E-mail With Long Lines
SecurityTracker Alert ID:  1007944
SecurityTracker URL:  http://securitytracker.com/id/1007944
CVE Reference:   CAN-2003-0792   (Links to External Site)
Updated:  Feb 20 2004
Original Entry Date:  Oct 17 2003
Impact:   Denial of service via network

Version(s): 6.2.4
Description:   A denial of service vulnerability was reported in fetchmail in the processing of long lines. A remote user can cause fetchmail to crash.

It is reported that a remote user can create a specially crafted email message to cause fetchmail to crash. Reports indicate that fetchmail does not properly allocate memory when processing long lines.

No further details were provided.
Impact:   A remote user can cause fetchmail to crash.
Solution:   The vendor has released a fixed version (6.2.5), available at:

http://catb.org/~esr/fetchmail/
Vendor URL:  catb.org/~esr/fetchmail/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 17 2003 (Mandrake Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Oct 21 2003 (Immunix Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Immunix Security Team <security@immunix.com>)
Immunix has released a fix.
Oct 28 2003 (Slackware Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
Nov 28 2003 (Turbolinux Issues Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Turbolinux <security-announce@turbolinux.co.jp>)
Turbolinux has issued a fix.
Dec 20 2003 (Apple Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Panther (10.3.2).
Dec 20 2003 (Apple Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Jaguar.
Apr 1 2004 (Gentoo Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-mail With Long Lines   (Kurt Lieber <klieber@gentoo.org>)
Gentoo has released a fix.


 Source Message Contents
Date:  Thu, 16 Oct 2003 23:41:44 -0400
Subject:  fetchmail


Mandrake reported that there is a vulnerability in fetchmail 6.2.4.  A remote user can 
create a specially crafted email message to cause fetchmail to crash.

Note that the release notes for 6.2.5 do not explicitly mention a fix for this flaw, so it 
is unclear if there is a fix in the upstream version.

CVE:  CAN-2003-0792


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC