Fetchmail Multidrop Mode Headerless Message Remote DoS

2005-12-19T02:41:10
ID OSVDB:21906
Type osvdb
Reporter Daniel Drake
Modified 2005-12-19T02:41:10

Description

Vulnerability Description

Fetchmail contains a flaw that may allow a remote denial of service. The issue is triggered when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers, resulting in a loss of availability for the application.

Solution Description

Upgrade to version 6.2.5.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

CVE-2005-4348
Security Tracker: 1015383
Secunia Advisory ID: 18433
Secunia Advisory ID: 24007
Secunia Advisory ID: 24284
Secunia Advisory ID: 24506
Secunia Advisory ID: 17891
Secunia Advisory ID: 18231
Secunia Advisory ID: 18463
Secunia Advisory ID: 18895
Secunia Advisory ID: 18172
Secunia Advisory ID: 21253
Secunia Advisory ID: 18266
RedHat RHSA: RHSA-2007:0018
Other Advisory URL: http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt
Other Advisory URL: http://www.debian.org/security/2006/dsa-939
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Other Advisory URL: http://www.ubuntulinux.org/usn/usn-233-1
Other Advisory URL: http://www.trustix.org/errata/2006/0002/
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0005.html
Other Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q4/0077.html