Category:   Application (E-mail Server)  >   Fetchmail
Vendor:   Raymond, Eric S.
(FreeBSD Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents
SecurityTracker Alert ID:  1001965
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 11 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.8-2 for Null crash; 5.7.1-2 for SPAM crash; per the FreeBSD advisory below, all versions prior to 5.8.6
Description:   A vulnerability has been reported in the Fetchmail remote mail retrieval software. A remote user can send an e-mail with an oversized header, for example a very long "To:" line, that will cause Fetchmail to crash.

Fetchmail contains a buffer overflow in its header-rewriting code: when it rewrites a header longer than 512 bytes, the rewritten data overruns a fixed-size buffer (a boundary error). Because this is memory corruption rather than a clean failure, it may be possible to exploit the overflow to execute arbitrary code with the privileges of the user running fetchmail, but this has not been confirmed.

If a remote user sends e-mail with a large "To:" line (greater than 25000 characters), Fetchmail will crash with a segmentation fault. The message only has to reach a mailbox that fetchmail polls; the attacker needs no access to the host running it.
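The defect class the advisory describes, a header rewrite into a fixed 512-byte buffer with no length check, modelled in C as an added example. This is not fetchmail's code: the rewrite rule (qualify every bare local part with "@" plus a host name), the function names, the HDR_BUF constant and the constructed 60-recipient "To:" value are assumptions chosen to show why an oversized header overruns the buffer and how a bounded rewrite refuses it instead of corrupting memory.

```c
#include <stdio.h>
#include <string.h>

#define HDR_BUF 512   /* fixed header buffer size named in the advisory (assumed layout) */

/* Bytes the rewritten value needs (without NUL), computed without writing.
 * Every comma-separated token that lacks '@' gets "@host" appended. */
size_t rewritten_len(const char *value, const char *host)
{
    size_t n = 0, hl = strlen(host);
    while (*value) {
        const char *start = value;
        int has_at = 0;
        for (; *value && *value != ','; value++) has_at |= (*value == '@');
        n += (size_t)(value - start) + (has_at ? 0 : 1 + hl);
        if (*value == ',') { n++; value++; }
    }
    return n;
}

/* VULNERABLE (the class in the advisory): same rewrite into a caller-supplied
 * HDR_BUF-byte buffer with no check that the result fits. Memory past 'out'
 * is overwritten as soon as the rewritten value exceeds HDR_BUF - 1 bytes. */
void rewrite_unsafe(const char *value, const char *host, char *out)
{
    char *o = out;
    while (*value) {
        int has_at = 0;
        for (; *value && *value != ','; value++) { has_at |= (*value == '@'); *o++ = *value; }
        if (!has_at) { *o++ = '@'; strcpy(o, host); o += strlen(host); }
        if (*value == ',') *o++ = *value++;
    }
    *o = '\0';
}

/* Bounded append: refuses any write that would leave no room for the NUL. */
static int put(char **o, size_t *left, const char *s, size_t n)
{
    if (n + 1 > *left) return -1;
    memcpy(*o, s, n); *o += n; *left -= n;
    return 0;
}

/* HARDENED: identical rewrite, every write bounded by outsz. Returns 0 on
 * success, -1 if the result would not fit; the caller then passes the header
 * through unrewritten or rejects the message, and nothing is overrun. */
int rewrite_safe(const char *value, const char *host, char *out, size_t outsz)
{
    char *o = out;
    size_t left = outsz, hl = strlen(host);
    if (outsz == 0) return -1;
    while (*value) {
        const char *start = value;
        int has_at = 0;
        for (; *value && *value != ','; value++) has_at |= (*value == '@');
        if (put(&o, &left, start, (size_t)(value - start))) return -1;
        if (!has_at && (put(&o, &left, "@", 1) || put(&o, &left, host, hl))) return -1;
        if (*value == ',' && put(&o, &left, value++, 1)) return -1;
    }
    *o = '\0';
    return 0;
}

/* Constructed sample: a "To:" value of 60 bare 10-character recipients,
 * 659 bytes before rewriting, standing in for an attacker-sent header. */
size_t build_long_to(char *buf, size_t bufsz)
{
    size_t len = 0;
    for (int i = 0; i < 60 && len + 12 < bufsz; i++)
        len += (size_t)snprintf(buf + len, bufsz - len, "%suser%06d", i ? "," : "", i);
    return len;
}

/* 1 if a short value rewrites as expected into a 512-byte buffer. */
int check_short_rewrite(void)
{
    char out[HDR_BUF];
    if (rewrite_safe("alice, bob@example.org", "mail.example.org", out, sizeof out) != 0)
        return 0;
    return strcmp(out, "alice@mail.example.org, bob@example.org") == 0;
}

/* 1 if the oversized header needs more than HDR_BUF bytes and the bounded
 * rewrite refuses it (the unsafe one would write ~1.2 KB past the buffer). */
int check_long_rewrite_rejected(void)
{
    char hdr[1024], out[HDR_BUF];
    size_t n = build_long_to(hdr, sizeof hdr);
    return n == 659 && rewritten_len(hdr, "mail.example.org") > HDR_BUF
        && rewrite_safe(hdr, "mail.example.org", out, sizeof out) == -1;
}

int main(void)
{
    char hdr[1024];
    build_long_to(hdr, sizeof hdr);
    printf("short rewrite ok: %d\n", check_short_rewrite());
    printf("long To: needs %zu bytes > %d; bounded rewrite rejects it: %d\n",
           rewritten_len(hdr, "mail.example.org"), HDR_BUF, check_long_rewrite_rejected());
    /* rewrite_unsafe(hdr, "mail.example.org", out) on a 512-byte 'out' is the crash. */
    return 0;
}
```

The point of the two-pass check in rewrite_safe is that the decision to refuse is made before any byte is written, so a header longer than the buffer degrades to a rejected or unrewritten message rather than a segmentation fault or a controlled overwrite of whatever follows the buffer.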

Impact:   A remote user can cause fetchmail to crash and may be able to execute arbitrary code as the user running fetchmail.
Solution:   The vendor has released a fix: fetchmail 5.8.6 and later are not affected, and the FreeBSD port was corrected on 2001-06-15. See the Source Message for the vendor's advisory containing directions on how to obtain the appropriate fix.
Cause:   Boundary error
Underlying OS:  UNIX (FreeBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 15 2001 Fetchmail Can Be Crashed By Remote Users Sending E-Mail With Certain Header Contents

 Source Message Contents

Subject:  FreeBSD Ports Security Advisory FreeBSD-SA-01:43.fetchmail


FreeBSD-SA-01:43                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          fetchmail contains potentially exploitable buffer

Category:       ports
Module:         fetchmail
Announced:      2001-07-10
Credits:        Wolfram Kleff <>
Affects:        Ports collection prior to the correction date.
Corrected:      2001-06-15
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

fetchmail is a program used to retrieve email from POP and IMAP

II.  Problem Description

The fetchmail port, versions prior to fetchmail-5.8.6, contains a
potentially exploitable buffer overflow when rewriting headers
longer than 512 bytes.  This problem may allow remote users to
cause fetchmail to crash and potentially execute arbitrary code
as the user running fetchmail.

The fetchmail port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 5400 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.3 is vulnerable
to this problem since it was discovered after its release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

Remote users using specially crafted email messages may be able to
cause fetchmail to crash and potentially execute arbitrary code as
the user running fetchmail.

If you have not chosen to install the fetchmail port/package, then
your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the fetchmail port/package if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the fetchmail port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:


Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

3) Download a new port skeleton for the fetchmail port from:

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:


