1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200403-10 / fetchmail |
| Release Date | March 30, 2004 |
| Latest Revision | March 30, 2004: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-mail/fetchmail | <= 6.2.4 | >= 6.2.5 | All supported architectures |
Related bugreports: #37717
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.
Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.
Fetchmail users who receive a malicious email may have their fetchmail program crash.
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.
Fetchmail users should upgrade to version 6.2.5 or later:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=net-mail/fetchmail-6.2.5" # emerge ">=net-mail/fetchmail-6.2.5" |