Fetchmail 6.2.5 fixes a remote DoS

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200403-10 / fetchmail
Release Date: March 30, 2004
Latest Revision: March 30, 2004: 01
Impact: normal
Exploitable: remote

Package: net-mail/fetchmail
Vulnerable versions: <= 6.2.4
Unaffected versions: >= 6.2.5
Architecture(s): All supported architectures

Related bugreports: #37717

Synopsis

Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially crafted email to a fetchmail user.

2.  Impact Information

Background

Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.

Description

Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.

Impact

Fetchmail users who receive a malicious email may have their fetchmail program crash.

3.  Resolution Information

Workaround

While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.

Resolution

Fetchmail users should upgrade to version 6.2.5 or later:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"
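
To check a given fetchmail version string against the ranges listed in this advisory, the following added example (not part of the original advisory or of Gentoo's tooling) can be used. The function names are hypothetical, and the script assumes plain dotted numeric versions with an optional Gentoo "-rN" revision suffix; anything else is reported as unknown.

```shell
#!/bin/sh
# Added example: classify a fetchmail version against GLSA 200403-10
# (vulnerable: <= 6.2.4, unaffected: >= 6.2.5). Function names are hypothetical.

FIXED_VERSION="6.2.5"   # first unaffected version, taken from the advisory

# Print the dotted numeric part of a version, dropping a "-rN" revision.
# Fails on anything that is not purely digits and dots (e.g. "_pre1").
normalize_version() {
    nv=${1%-r[0-9]*}
    case $nv in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$nv"
}

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically; missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print "vulnerable", "unaffected" or "unknown" for the given version.
fetchmail_status() {
    ver=$(normalize_version "$1") || { echo "unknown"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Stand-alone use: pass the installed version as the first argument.
if [ $# -gt 0 ]; then
    fetchmail_status "$1"
fi
```

A result of "unknown" means the version string should be compared by hand rather than assumed safe.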

4.  References



Page updated March 30, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team