Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (E-mail Client)  >   Fetchmail Vendors:   Raymond, Eric S.
Fetchmail Buffer Overflow May Allow Remote Users to Execute Arbitrary Code
SecurityTracker Alert ID:  1005273
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Sep 29 2002
Original Entry Date:  Sep 24 2002
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0.0 and prior versions
Description:   A buffer overflow vulnerability was reported in fetchmail. A remote user may be able to cause arbitrary code to be executed when fetchmail is operating in multi-drop mode.

It is reported that there are several buffer overflow conditions that can be triggered when fetchmail is running in multi-drop mode.

In several places, the readheaders() parsing function reportedly copies user-supplied email addresses to fixed size buffers without checking the size of the email address.

A broken boundary check is reported in the getmxrecord() function. A remote user that can send a specially crafted DNS packet to the target server can exploit this flaw to cause fetchmail to crash.

A bug is also reported in the parse_received() function affecting the parsing of user-supplied "Received:" headers. Portions of the "Received:" header line are copied without validating the size of the copied portion. A remote user can send mail with a specially crafted "Received:" header line to cause fetchmail to overflow the heap with arbitrary code. This bug allows a remote user to execute arbitrary code on the system.

The vendor credits Stefan Esser (e-matters) for reporting these flaws. The e-matters security advisory is available at:

Impact:   A remote user may be able to execute arbitrary code on the system with the privileges of the fetchmail daemon. In some configurations, this may be root privileges.
Solution:   The vendor has released a fixed version (6.1.0), available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Red Hat Issues Fix) Re: Fetchmail Buffer Overflow May Allow Remote Users to Execute Arbitrary Code
Red Hat has issued a fix.
(Sun Issues Fix for Sun Linux) Re: Fetchmail Buffer Overflow May Allow Remote Users to Execute Arbitrary Code
Sun has issued a fix for Sun Linux 5.0.
(Conectiva Issues Fix) Fetchmail Buffer Overflow May Allow Remote Users to Execute Arbitrary Code
Conectiva has released a fix.

 Source Message Contents

Subject:  [Full-Disclosure] (no subject)

Hash: SHA1

is there any more information on this "potential" remote vulnerability?

fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines:

* Updated French translation.
* Stefan Esser's fix for potential remote vulnerability in multidrop mode.
This is an important security fix!

Version: Hush 2.1
Note: This signature can be verified at


Get your free encrypted email at
Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC