Debian Security Advisory

DSA-071-1 fetchmail -- memory corruption

Date Reported:

10 Aug 2001

Affected Packages:

fetchmail

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 3164, BugTraq ID 3166.
In Mitre's CVE dictionary: CVE-2001-1009.

More information:

Salvatore Sanfilippo found two remotely exploitable problems in fetchmail while doing a security audit. In both the IMAP code and the POP3 code, the input isn't verified even though it's used to store a number in an array. Since no bounds checking is done this can be used by an attacker to write arbitrary data in memory. An attacker can use this if they can get a user to transfer mail from a custom IMAP or POP3 server they control.

This has been fixed in version 5.3.3-3, we recommend that you update your fetchmail packages immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-3.diff.gz; http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-3.dsc; http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3.orig.tar.gz
Architecture-independent component:: http://security.debian.org/dists/stable/updates/main/binary-all/fetchmailconf_5.3.3-3_all.deb
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/fetchmail_5.3.3-3_alpha.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/fetchmail_5.3.3-3_arm.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/fetchmail_5.3.3-3_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/fetchmail_5.3.3-3_m68k.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/fetchmail_5.3.3-3_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/fetchmail_5.3.3-3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.