Posted: Wed Mar 31, 2004 10:09 am Post subject: [ GLSA 200403-10 ] Fetchmail 6.2.5 fixes a remote DoS
Gentoo Linux Security Advisory
Title: Fetchmail 6.2.5 fixes a remote DoS (GLSA 200403-10)
Date: March 30, 2004
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.
Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.
Vulnerable: <= 6.2.4
Unaffected: >= 6.2.5
Architectures: All supported architectures
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.
Fetchmail users who receive a malicious email may have their fetchmail program crash.
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.
Fetchmail users should upgrade to version 6.2.5 or later:
# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"
ISS X-Force Listing
CVE Candidate (CAN-2003-0792)
Last edited by GLSA on Sun May 07, 2006 4:50 pm; edited 1 time in total
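
An added example, not part of the advisory or of Gentoo's tooling: a POSIX shell check that classifies a fetchmail version against the ranges given above (vulnerable <= 6.2.4, unaffected >= 6.2.5). The banner format parsed from `fetchmail -V` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify a fetchmail version against GLSA 200403-10.
FIXED="6.2.5"   # first unaffected version, taken from the advisory

# extract_version BANNER: print the dotted version found in a version banner.
# Assumption: the banner looks like "This is fetchmail release 6.2.4+SSL+NLS".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*release \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1
}

# version_lt A B: succeed when dotted numeric version A is older than B.
# Fields are compared numerically, so 6.1.10 sorts after 6.1.9, and a
# missing field counts as 0 (6.2 is older than 6.2.5).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "older"
}

# classify BANNER: print "vulnerable", "unaffected" or "unknown".
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown            # banner did not parse; check by hand
    elif version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Check the locally installed binary, if there is one.
if command -v fetchmail >/dev/null 2>&1; then
    classify "$(fetchmail -V 2>&1 | head -n 1)"
fi
```

An "unknown" result means the banner did not match the assumed format, not that the host is safe.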