[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] fetchmail remote exploit

To: linux-security
Subject: [linux-security] fetchmail remote exploit
From: Martin Siegert <siegert@sfu.ca>
Date: Sun, 19 Jan 2003 14:04:19 -0800
User-Agent: Mutt/1.4i

Topic
=====
remote exploit or DoS possible due to buffer overflow in fetchmail

Problem Description
===================
Another bug in the header parsing code in fetchmail can be used to crash
fetchmail. An attacker may even be able to execute arbitrary code on the
victim's machine by sending a carefully crafted email which then is parsed
by fetchmail: When fetchmail retrieves a mail all headers that contain
addresses are searched for local addresses.  If a hostname is missing,
fetchmail appends it but doesn't reserve enough space for it.  This heap
overflow can be used by remote attackers to crash it or to execute
arbitrary code with the privileges of the user running fetchmail.


Affected Systems
================
fetchmail versions prior to 6.2.0

Solution
========
upgrade to version 6.2.0 or patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh fetchmail-5.9.0-21.6.2.i386.rpm fetchmailconf-5.9.0-21.6.2.i386.rpm

If you are using IMAP/SSL or POP/SSL this version of fetchmail will not
work due to incompatibilities with the RH 6.2 setup. You must change the
lines (around line 268)

simap           993/tcp                         # IMAP over SSL
spop3           995/tcp                         # POP-3 over SSL

to

simap           993/tcp         imaps           # IMAP over SSL
spop3           995/tcp         pop3s           # POP-3 over SSL

in the /etc/services file and then restart fetchmail.

RedHat 7.0, 7.1
---------------
rpm -Fvh fetchmail-5.9.0-21.7.1.i386.rpm fetchmailconf-5.9.0-21.7.1.i386.rpm

RedHat 7.2, 7.3
---------------
rpm -Fvh fetchmail-5.9.0-21.7.3.i386.rpm fetchmailconf-5.9.0-21.7.3.i386.rpm

RedHat 8.0
----------
rpm -Fvh fetchmail-5.9.0-21.8.0.i386.rpm fetchmailconf-5.9.0-21.8.0.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to fetchmail_5.3.3-4.3_i386.deb fetchmailconf_5.3.3-4.3_all.deb

Debian 3.0 (woody)
------------------
upgrade to fetchmail_5.9.11-6.2_i386.deb,
           fetchmail-ssl_5.9.11-6.2_i386.deb,
           fetchmail-common_5.9.11-6.2_all.deb

SuSE-7.1
--------
rpm -Fvh fetchmail-5.6.5-40.i386.rpm

SuSE-7.2
--------
rpm -Fvh fetchmail-5.8.0-78.i386.rpm

SuSE-7.3
--------
rpm -Fvh fetchmail-5.9.0-280.i386.rpm

SuSE-8.0
--------
rpm -Fvh fetchmail-5.9.0-279.i386.rpm

Caldera OpenLinux 3.1 and 3.1.1 Server and Workstation
-------------------------------------------------------
rpm -Fvh fetchmail-6.1.0-4.i386.rpm

Prev by Date: [linux-security] xinetd DoS
Next by Date: [linux-security] buffer overflow in pine
Prev by thread: [linux-security] buffer overflow in pine
Next by thread: [linux-security] xinetd DoS
Index(es):
- Date
- Thread