SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Fetchmail Vendors:   Raymond, Eric S.
Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
SecurityTracker Alert ID:  1001757
SecurityTracker URL:  http://securitytracker.com/id/1001757
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 15 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.8-2 for Null crash; 5.7.1-2 for SPAM crash; possibly others
Description:   A vulnerability has been reported in the Fetchmail remote mail retrieval software. A remote user can send an e-mail with a long "To:" header that will cause Fetchmail to crash.

Fetchmail reportedly contains a buffer overflow in the handling of headers. It may be possible to exploit this overflow to execute arbitrary code with the privileges of the fetchmail daemon, but this was not confirmed.

If a remote user sends e-mail with a large "To:" line (greater than 25000 characters), Fetchmail will crash with a segmentation fault.

Impact:   A remote user can cause the Fetchmail daemon to crash.
Solution:   The vendor has fixed the problem in versions 5.8.5-2 and 5.8.6-1.
Vendor URL:  www.tuxedo.org/~esr/fetchmail/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Debian Releases Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
Debian has released a fix.
(Conectiva Issues Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
Conectiva has issued a fix.
(Caldera Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
The vendor has released a fix.
(EnGarde Linux Issues a Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
The OS vendor has issued a fix.
(Mandrake Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
The vendor has released a fix.
(FreeBSD Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
The vendor has released a fix.



 Source Message Contents

Subject:  fetchmail update -- Immunix OS 6.2, 7.0-beta, 7.0


--LYw3s/afESlflPpp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	fetchmail
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:		immunix/1618
Date:			Wed Jun 13 2001
Advisory ID:		IMNX-2001-70-025-01
Author:			Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  Fetchmail, as shipped with Immunix OS 6.2 and 7.0, contains a buffer
  overflow in the handling of headers. StackGuard will prevent exploits
  from granting privileges; however, denial of service attacks are
  possible.

  References:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=100394

  Thanks go to Wolfram Kleff for finding this problem and Henrique de
  Moraes Holschuh for supplying a fix.

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmail-5.3.1-2_StackGuard.i386.rpm
http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmailconf-5.3.1-2_StackGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/fetchmail-5.3.1-2_StackGuard.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmail-5.5.0-4_imnx.i386.rpm
http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmailconf-5.5.0-4_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/fetchmail-5.5.0-4_imnx.src.rpm

md5sums of the packages:
6.2:
  ea10b64694935dd20be38df09924736a  RPMS/fetchmail-5.3.1-2_StackGuard.i386.rpm
  fdebb78fcabdc43a811f9ed546252850  RPMS/fetchmailconf-5.3.1-2_StackGuard.i386.rpm
  eb7af556575d1d0e6e59976aa5b09730  SRPMS/fetchmail-5.3.1-2_StackGuard.src.rpm

7.0:
  e8169308534f68bc978ed2c1bc0aeeca  RPMS/fetchmail-5.5.0-4_imnx.i386.rpm
  242f4aa0fe21c71f1ddce4cf5c6cb0a0  RPMS/fetchmailconf-5.5.0-4_imnx.i386.rpm
  c8c4069439fe66caf013fea502947ada  SRPMS/fetchmail-5.5.0-4_imnx.src.rpm

GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           
  *** NOTE *** This key is different from the one used in advisories            
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

--LYw3s/afESlflPpp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjspTroACgkQVQcWL60UVMuDaACfSKjU0Te0cUDHmhZ4A+wjVJpS
QxUAnR7lh2XJv6ry/uVrtTDbSaa7m3Dr
=GGjX
-----END PGP SIGNATURE-----

--LYw3s/afESlflPpp--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC