SecurityTracker.com
Category:   Application (E-mail Server)  >   Fetchmail
Vendors:   Raymond, Eric S.
(EnGarde Linux Issues a Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
SecurityTracker Alert ID:  1001848
SecurityTracker URL:  http://securitytracker.com/id/1001848
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 27 2001
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.6.8-2 for Null crash; 5.7.1-2 for SPAM crash; possibly others
Description:   A vulnerability has been reported in the Fetchmail remote mail retrieval software. A remote user can send an e-mail with a long "To:" header that will cause Fetchmail to crash.

Fetchmail reportedly contains a buffer overflow in the handling of headers. It may be possible to exploit this overflow to execute arbitrary code with the privileges of the fetchmail daemon, but this was not confirmed.

If a remote user sends e-mail with a large "To:" line (greater than 25000 characters), Fetchmail will crash with a segmentation fault.
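
As an added example (not part of the alert and not fetchmail's code), a check a defender could run over stored messages before they reach a vulnerable client: it unfolds continuation lines and flags any "To:" header longer than the 25000 characters cited above. The function names and the sample message are constructed for illustration.

```python
"""Flag stored messages whose unfolded To: header exceeds the alert's size."""
from pathlib import Path

TO_HEADER_LIMIT = 25000  # "greater than 25000 characters", per the alert text


def unfolded_headers(raw: bytes):
    """Yield (lowercased name, value) pairs, joining folded continuation lines."""
    current = None
    for line in raw.splitlines():
        if not line:                      # blank line ends the header section
            break
        if current is not None and line[:1] in (b" ", b"\t"):
            current += line               # continuation of the previous header
            continue
        if current is not None:
            yield split_header(current)
        current = line
    if current is not None:
        yield split_header(current)


def split_header(line: bytes):
    """Split 'Name: value' at the first colon."""
    name, _, value = line.partition(b":")
    return name.strip().lower(), value.strip()


def oversized_to_headers(raw: bytes, limit: int = TO_HEADER_LIMIT):
    """Return the unfolded length of each To: header longer than limit bytes."""
    return [len(value) for name, value in unfolded_headers(raw)
            if name == b"to" and len(value) > limit]


def scan(paths, limit: int = TO_HEADER_LIMIT):
    """Map each flagged message file to its oversized To: header lengths."""
    hits = {}
    for path in paths:
        found = oversized_to_headers(Path(path).read_bytes(), limit)
        if found:
            hits[str(path)] = found
    return hits


def sample_message(recipients: int) -> bytes:
    """Constructed sample: one recipient per folded line, so no line is long."""
    addrs = ",\r\n\t".join(f"user{i:05d}@example.invalid" for i in range(recipients))
    return (f"From: sender@example.invalid\r\nTo: {addrs}\r\n"
            "Subject: constructed sample\r\n\r\nbody\r\n").encode("ascii")
```

Measuring the unfolded value matters because a per-line length check would pass the 1000-recipient sample, whose longest physical line is 30 bytes.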

Impact:   A remote user can cause the Fetchmail daemon to crash.
Solution:   The OS vendor has issued a fix. See the Source Message for the vendor's advisory.
Vendor URL:  www.tuxedo.org/~esr/fetchmail/
Cause:   Boundary error
Underlying OS:  Linux (EnGarde)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 15 2001 Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents



 Source Message Contents

Subject:  [ESA-20010620-01]: fetchmail-ssl buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   June 20, 2001 |
| http://www.engardelinux.org/                           ESA-20010620-01 |
|                                                                        |
| Package:  fetchmail-ssl                                                |
| Summary:  There is a buffer overflow in the header handling code of    |
|           the fetchmail-ssl package.                                   |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  There is a buffer overflow vulnerability in the fetchmail-ssl package
  which could potentially be exploited remotely, although no exploit is
  known of at this time.


DETAIL
- ------
  There is a buffer overflow in the header parsing code of fetchmail
  (rfc882.c) which caused fetchmail to die with a segmentation fault
  when it encountered a message with a large "To:" header.

  This bug could be exploited remotely and, if fetchmail is being run
  as root, could allow the attacker to obtain root privileges.  No
  exploit is known of at this time but we highly recommend all users
  update nevertheless.

  We have updated the package to version 5.8.7 to fix this problem.


SOLUTION
- --------
  All users should upgrade to the most recent version, as outlined in
  this advisory.  All updates can be found at:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.ibiblio.org/pub/linux/distributions/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>


UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/fetchmail-ssl-5.8.7-1.0.2.src.rpm
      MD5 Sum:  a3fbe418903aaee80c4d7f68b246bd3b

  Binary Packages:

    i386/fetchmail-ssl-5.8.7-1.0.2.i386.rpm
      MD5 Sum:  fc034811543e4aa5ad913bfa444f7e7f

    i686/fetchmail-ssl-5.8.7-1.0.2.i686.rpm
      MD5 Sum:  dcb18d42dd572432ddb60bd917e2418d


REFERENCES
- ----------

  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Wolfram Kleff <kleff@cs.uni-bonn.de>

  fetchmail's Official Web Site:
    http://www.tuxedo.org/~esr/fetchmail/index.html

  Original disclosure of this bug:
    http://bugs.debian.org/100394


- --------------------------------------------------------------------------
$Id: ESA-20010620-01-fetchmail-ssl,v 1.2 2001/06/20 18:51:11 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com> 
Copyright 2001, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7MmIiHD5cqd57fu0RArc7AJsGfdqJYOtAiAw2NG4f03FFk/QEtgCfe6d+
Lrl2lQlTAJWJ+PKUhmp9xYg=
=KhJe
-----END PGP SIGNATURE-----


 
 

