Fetchmail IMAP Message Count Overflow

2002-05-21T17:01:50
ID OSVDB:4595
Type osvdb
Reporter Eric S. Raymond (esr@thyrsus.com)
Modified 2002-05-21T17:01:50

Description

Vulnerability Description

A remote overflow exists in Fetchmail. The Fetchmail email client fails to properly limit the maximum number of messages available, resulting in an overwrite of memory via a message count that exceeds the boundaries of an array. With a specially crafted request, a malicious IMAP server can cause an overwrite of the process stack memory space, resulting in a loss of system integrity.
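The class of check whose absence is described above, as an added example; this is not fetchmail's code. It assumes the count arrives in an IMAP untagged `* <n> EXISTS` response; `MAX_MSGS` and all function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap on mailbox size; not a fetchmail constant. */
#define MAX_MSGS 100000L

/* Parse an untagged "* <n> EXISTS" line from the server.
 * Returns the count, or -1 if the line is malformed or the count
 * is negative, overflows long, or exceeds MAX_MSGS. */
long parse_exists(const char *line)
{
    char *end;
    long n;

    if (strncmp(line, "* ", 2) != 0)
        return -1;
    /* strtol accepts signs and leading spaces; insist on a digit. */
    if (line[2] < '0' || line[2] > '9')
        return -1;
    errno = 0;
    n = strtol(line + 2, &end, 10);
    if (errno == ERANGE || n > MAX_MSGS)
        return -1;
    if (strcmp(end, " EXISTS\r\n") != 0 && strcmp(end, " EXISTS") != 0)
        return -1;
    return n;
}

/* Size the per-message table from a validated count, on the heap
 * rather than the stack, so a large count cannot move the stack
 * pointer. Returns NULL on a bad count or allocation failure. */
int *alloc_msgsizes(long count)
{
    if (count < 0 || count > MAX_MSGS)
        return NULL;
    /* +1 so that an empty mailbox still yields a valid pointer. */
    return calloc((size_t)count + 1, sizeof(int));
}

/* Record a size for a 1-based message number, refusing any number
 * outside the count the table was sized for. Returns 0 or -1. */
int set_msgsize(int *sizes, long count, long msgnum, int size)
{
    if (sizes == NULL || msgnum < 1 || msgnum > count)
        return -1;
    sizes[msgnum - 1] = size;
    return 0;
}
```

The count is checked where it is parsed and again at every index, so a later server response that names a message beyond the announced count is rejected instead of written.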

Solution Description

Upgrade to Fetchmail version 5.9.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://catb.org/~esr/fetchmail/
RedHat RHSA: RHSA-2002:047
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:036
Other Advisory URL: http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0205-042
Other Advisory URL: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
ISS X-Force ID: 9133
CVE-2002-0146
Bugtraq ID: 4788