GLSA Bodhisattva
Posted: Wed Mar 31, 2004 10:09 am
Post subject: [ GLSA 200403-10 ] Fetchmail 6.2.5 fixes a remote DoS
Gentoo Linux Security Advisory
Title: Fetchmail 6.2.5 fixes a remote DoS (GLSA 200403-10)
Severity: normal
Exploitable: remote
Date: March 30, 2004
Bug(s): #37717
ID: 200403-10
Synopsis
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.
Background
Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols.
Affected Packages
Package: net-mail/fetchmail
Vulnerable: <= 6.2.4
Unaffected: >= 6.2.5
Architectures: All supported architectures
Description
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.
Impact
Fetchmail users who receive a malicious email may have their fetchmail program crash.
Workaround
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of fetchmail.
Resolution
Fetchmail users should upgrade to version 6.2.5 or later:
Code:
# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"
References
ISS X-Force Listing
CVE Candidate (CAN-2003-0792)
Last edited by GLSA on Sun May 07, 2006 4:50 pm; edited 1 time in total
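To confirm a host is outside the affected range before and after the upgrade, the following added example (not part of the advisory or of Gentoo's tooling) classifies a fetchmail version string against the advisory's boundary of 6.2.5. The function names `version_lt` and `fetchmail_status` are hypothetical, and the version string is assumed to be supplied by the administrator, for example from the package manager's listing; Gentoo revision suffixes such as `-r1` are ignored.

```sh
#!/bin/sh
# Added example: classify a fetchmail version against GLSA 200403-10.
# Vulnerable: <= 6.2.4, unaffected: >= 6.2.5 (values from the advisory).
FIXED_VERSION="6.2.5"

# version_lt A B: succeed if dotted numeric version A is strictly older than B.
# Components are compared as integers, so 6.10 is newer than 6.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        # Drop the component just compared; missing components count as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # versions are equal
}

# fetchmail_status VERSION: print vulnerable, unaffected or unknown.
fetchmail_status() {
    # Keep only the leading digits-and-dots part (drops "-r1", "_rc1", ...).
    v=${1%%[!0-9.]*}
    case $v in
        [0-9]*) ;;
        *) echo unknown; return ;;   # nothing parseable: do not guess
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Stand-alone use: ./check.sh 6.2.4
if [ $# -gt 0 ]; then
    fetchmail_status "$1"
fi
```

An `unknown` result should be treated as needing manual review rather than as safe.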