remote compromise in fetchmail

2003-01-02T11:31:18
ID SUSE-SA:2003:001
Type suse
Reporter Suse
Modified 2003-01-02T11:31:18

Description

fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR- servers. Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it doesn not allocated enough memory. An attacker can send a malicious formatted mail header to exhaust the memory allocated by fetchmail to overwrite parts of the heap. This can be exploited to execute arbitrary code.