SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Fetchmail
Vendors:   Raymond, Eric S.
Fetchmail Can Be Crashed By Remote Users Sending E-mail With Long Lines
SecurityTracker Alert ID:  1007944
SecurityTracker URL:  http://securitytracker.com/id/1007944
CVE Reference:   CVE-2003-0792
Updated:  Feb 20 2004
Original Entry Date:  Oct 17 2003
Impact:   Denial of service via network

Version(s): 6.2.4
Description:   A denial of service vulnerability was reported in fetchmail in the processing of long lines. A remote user can cause fetchmail to crash.

It is reported that a remote user can create a specially crafted email message to cause fetchmail to crash. Reports indicate that fetchmail does not properly allocate memory when processing long lines.

No further details were provided.

Impact:   A remote user can cause fetchmail to crash.
Solution:   The vendor has released a fixed version (6.2.5), available at:

http://catb.org/~esr/fetchmail/

Vendor URL:  catb.org/~esr/fetchmail/
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 17 2003 (Mandrake Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Mandrake has released a fix.
Oct 21 2003 (Immunix Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Immunix has released a fix.
Oct 28 2003 (Slackware Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Slackware has released a fix.
Nov 28 2003 (Turbolinux Issues Fix) Re: Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Turbolinux has issued a fix.
Dec 20 2003 (Apple Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Apple has released a fix for Panther (10.3.2).
Dec 20 2003 (Apple Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending a Specially Crafted E-mail Message
Apple has released a fix for Jaguar.
Apr 1 2004 (Gentoo Issues Fix) Fetchmail Can Be Crashed By Remote Users Sending E-mail With Long Lines
Gentoo has released a fix.



 Source Message Contents

Subject:  fetchmail


Mandrake reported that there is a vulnerability in fetchmail 6.2.4.  A remote user can 
create a specially crafted email message to cause fetchmail to crash.

Note that the release notes for 6.2.5 do not explicitly mention a fix for this flaw, so it 
is unclear if there is a fix in the upstream version.

CVE:  CAN-2003-0792




 
 



Copyright 2021, SecurityGlobal.net LLC