[linux-security] fetchmail remote exploit
- To: linux-security
- Subject: [linux-security] fetchmail remote exploit
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 9 Oct 2002 20:45:43 -0700
- User-Agent: Mutt/1.4i
Topic
=====
remote exploit possible because of fetchmail overflow
Problem Description
===================
Two bugs related to the header parsing code in fetchmail can be exploited
if fetchmail is used in multidrop mode (using the "multiple-local-recipients"
feature).

The first bug is a broken boundary check within getmxrecord() that can be
used to crash fetchmail remotely, i.e., it results in a DoS (denial of
service).

The second bug is more dangerous because, if successfully exploited, it
allows an attacker to execute arbitrary code on the victim's system.
This bug is in the way fetchmail parses "Received:" headers
within the parse_received() function.
Affected Systems
================
fetchmail versions 6.0.0 and earlier
Workaround
==========
Do not use the multiple-local-recipients feature.
Solution
========
Upgrade to version 6.1.0 or to the patched version for your distribution:
RedHat 6.x
----------
rpm -Fvh fetchmail-5.9.0-18.i386.rpm fetchmailconf-5.9.0-18.i386.rpm
[Remark: I have been trying to get this version to work with IMAP/SSL
and failed miserably; if somebody is able to use this version of
fetchmail under RH 6.2, I would appreciate it if you would drop me a line.]
RedHat 7.0, 7.1
---------------
rpm -Fvh fetchmail-5.9.0-19.i386.rpm fetchmailconf-5.9.0-19.i386.rpm
RedHat 7.2, 7.3
---------------
rpm -Fvh fetchmail-5.9.0-20.i386.rpm fetchmailconf-5.9.0-20.i386.rpm
RedHat 8.0
----------
rpm -Fvh fetchmail-5.9.0-21.i386.rpm fetchmailconf-5.9.0-21.i386.rpm
Debian 2.2 (potato)
-------------------
upgrade to fetchmail_5.3.3-4.2_i386.deb
Debian 3.0 (woody)
------------------
upgrade to fetchmail_5.9.11-6.1_i386.deb,
fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_i386.deb
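
Added example (not part of the original advisory and not fetchmail code): a heuristic check of a fetchmail run-control file for the multidrop indicators that the Workaround section says to avoid. It assumes fetchmail's documented `is`/`to ... here` local-name syntax and the `localdomains`/`qvirtual` options; the keyword sets and the sample configurations are constructed for illustration.

```python
import shlex

# Heuristic audit based on fetchmail's documented run-control syntax.
# The keyword sets are a subset chosen for this example (assumption).
TAKES_VALUE = {"poll", "server", "skip", "user", "username", "pass", "password"}
STOP = TAKES_VALUE | {"here", "there", "with", "and", "options", "is", "to"}
MULTIDROP_OPTS = {"localdomains", "qvirtual"}  # only meaningful in multidrop

def multidrop_findings(rc_text):
    """Return reasons why this run-control text looks like multidrop mode."""
    raw = shlex.split(rc_text, comments=True)      # handles quotes and '#'
    tokens = [t.strip(",;:") for t in raw if t.strip(",;:")]
    findings, i = [], 0
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in TAKES_VALUE:
            i += 2                                  # skip the keyword's value
            continue
        if tok in MULTIDROP_OPTS:
            findings.append(f"multidrop option '{tok}'")
        elif tok in ("is", "to"):
            names, i = [], i + 1                    # collect local names
            while i < len(tokens) and tokens[i].lower() not in STOP | MULTIDROP_OPTS:
                names.append(tokens[i])
                i += 1
            if "*" in names:
                findings.append("wildcard local name '*'")
            elif len(names) > 1:
                findings.append("multiple local names: " + " ".join(names))
            continue
        i += 1
    return findings

# Constructed sample configurations (not taken from the advisory).
SINGLE = '''
poll mail.example.org proto pop3
    user "alice" there with password "s3cret" is alice here
'''
MULTI = '''
poll pop.example.net proto pop3 localdomains example.com
    user "shared" pass "x" to * here   # wildcard delivery
'''

if __name__ == "__main__":
    for name, rc in (("SINGLE", SINGLE), ("MULTI", MULTI)):
        print(name, multidrop_findings(rc) or "no multidrop indicators")
```

An empty result means none of these indicators were found; it does not replace upgrading to a fixed package.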