SuseSUSE-SA:2001:026remote privilege escalation in fetchmail
0.096 Low
EPSS
Percentile
94.8%
Fetchmail is a tool for retrieving and forwarding mail. Two vulnerabilities in the code of fetchmail were found in the last weeks. 1.) By sending a header with a large “To:” line a buffer overflow will be triggered in the header parsing code. 2.) By impersonating a pop3 or imap server by using DNS spoofing or getting control over the pop3/imap server an attacker could trigger a buffer overflow in the pop3 and imap code of fetchmail. All the attacker has to do is to fake a LIST response message and providing two integers. One will used as index for a stack array and the other one is the value written to this index. Both vulnerabilities could be used to get remote access to the system with the privilege of the user running fetchmail.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.0 | sparc | fetchml | < 5.4.0-3 | fetchml-5.4.0-3.sparc.rpm |
| openSUSE | 6.3 | alpha | fetchml | < 5.1.2-4 | fetchml-5.1.2-4.alpha.rpm |
| openSUSE | 7.2 | i386 | fetchmail | < 5.8.0-48 | fetchmail-5.8.0-48.i386.rpm |
| openSUSE | 6.4 | ppc | fetchml | < 5.3.0-3 | fetchml-5.3.0-3.ppc.rpm |
| openSUSE | 7.0 | ppc | fetchml | < 5.4.0-3 | fetchml-5.4.0-3.ppc.rpm |
| openSUSE | 6.4 | i386 | fetchml | < 5.3.0-3 | fetchml-5.3.0-3.i386.rpm |
| openSUSE | 6.3 | i386 | fetchml | < 5.1.2-7 | fetchml-5.1.2-7.i386.rpm |
| openSUSE | 7.0 | i386 | fetchml | < 5.4.0-3 | fetchml-5.4.0-3.i386.rpm |
| openSUSE | 7.1 | i386 | fetchmailconf | < 5.6.5-0 | fetchmailconf-5.6.5-0.i386.rpm |
| openSUSE | 7.1 | i386 | fetchmail | < 5.6.5-27 | fetchmail-5.6.5-27.i386.rpm |
Related
