
[linux-security] fetchmail remote exploit



Topic
=====
remote exploit or DoS possible due to a heap buffer overflow in fetchmail

Problem Description
===================
Another bug in fetchmail's header parsing code can be used to crash
fetchmail. An attacker may even be able to execute arbitrary code on the
victim's machine by sending a carefully crafted email which fetchmail then
parses: when fetchmail retrieves a mail, all headers that contain
addresses are searched for local addresses.  If a hostname is missing,
fetchmail appends it but doesn't reserve enough space for the result.  This
heap overflow can be used by remote attackers to crash fetchmail or to
execute arbitrary code with the privileges of the user running it.
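The size mistake described above, shown as an added illustration (not fetchmail's own code): `naive_alloc_size` is the allocation a parser makes when it only reserves room for the address as received, `qualified_alloc_size` is what is actually needed once "@host" is appended, and `qualify_address` is a hypothetical hardened version that sizes the buffer before writing.

```c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Room for the address as received plus the NUL: this is the allocation
 * that is too small once a hostname gets appended (the bug class in the
 * advisory). Kept only as a size calculation; nothing is written into it. */
size_t naive_alloc_size(const char *addr)
{
    return strlen(addr) + 1;
}

/* Correct size: address, '@', hostname and the terminating NUL. */
size_t qualified_alloc_size(const char *addr, const char *host)
{
    return strlen(addr) + 1 + strlen(host) + 1;
}

/* Return a freshly allocated copy of addr with "@host" appended when addr
 * carries no hostname part. Caller frees the result; NULL on allocation
 * failure. Hypothetical helper, not a fetchmail function. */
char *qualify_address(const char *addr, const char *host)
{
    size_t need;
    char *out;

    if (strchr(addr, '@') != NULL) {
        /* Already qualified: a plain copy is enough. */
        need = naive_alloc_size(addr);
        out = malloc(need);
        if (out == NULL)
            return NULL;
        memcpy(out, addr, need);
        return out;
    }
    /* Compute the full size first, then write with a bounded formatter so
     * the output can never exceed the buffer. */
    need = qualified_alloc_size(addr, host);
    out = malloc(need);
    if (out == NULL)
        return NULL;
    snprintf(out, need, "%s@%s", addr, host);
    return out;
}
```

The difference between the two size functions is exactly the number of bytes a naive buffer would be overrun by for a given address and hostname.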


Affected Systems
================
fetchmail versions prior to 6.2.0

Solution
========
Upgrade to version 6.2.0 or to the patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh fetchmail-5.9.0-21.6.2.i386.rpm fetchmailconf-5.9.0-21.6.2.i386.rpm

If you are using IMAP/SSL or POP/SSL, this version of fetchmail will not
work due to incompatibilities with the RH 6.2 setup. You must change the
following lines (around line 268)

simap           993/tcp                         # IMAP over SSL
spop3           995/tcp                         # POP-3 over SSL

to

simap           993/tcp         imaps           # IMAP over SSL
spop3           995/tcp         pop3s           # POP-3 over SSL

in the /etc/services file and then restart fetchmail.

RedHat 7.0, 7.1
---------------
rpm -Fvh fetchmail-5.9.0-21.7.1.i386.rpm fetchmailconf-5.9.0-21.7.1.i386.rpm

RedHat 7.2, 7.3
---------------
rpm -Fvh fetchmail-5.9.0-21.7.3.i386.rpm fetchmailconf-5.9.0-21.7.3.i386.rpm

RedHat 8.0
----------
rpm -Fvh fetchmail-5.9.0-21.8.0.i386.rpm fetchmailconf-5.9.0-21.8.0.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to fetchmail_5.3.3-4.3_i386.deb fetchmailconf_5.3.3-4.3_all.deb

Debian 3.0 (woody)
------------------
upgrade to fetchmail_5.9.11-6.2_i386.deb,
           fetchmail-ssl_5.9.11-6.2_i386.deb,
           fetchmail-common_5.9.11-6.2_all.deb

SuSE-7.1
--------
rpm -Fvh fetchmail-5.6.5-40.i386.rpm

SuSE-7.2
--------
rpm -Fvh fetchmail-5.8.0-78.i386.rpm

SuSE-7.3
--------
rpm -Fvh fetchmail-5.9.0-280.i386.rpm

SuSE-8.0
--------
rpm -Fvh fetchmail-5.9.0-279.i386.rpm

Caldera OpenLinux 3.1 and 3.1.1 Server and Workstation
-------------------------------------------------------
rpm -Fvh fetchmail-6.1.0-4.i386.rpm