remote compromise in fetchmail

2003-01-0211:31:18

lists.opensuse.org

0.305 Low

EPSS

Percentile

97.0%

JSON

fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR- servers. Stefan Esser of e-matters reported a bug in fetchmail’s mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it doesn not allocated enough memory. An attacker can send a malicious formatted mail header to exhaust the memory allocated by fetchmail to overwrite parts of the heap. This can be exploited to execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
openSUSE7.1i386fetchmail< 5.6.5-40fetchmail-5.6.5-40.i386.rpm
openSUSE8.1i586fetchmail< 5.9.13-54fetchmail-5.9.13-54.i586.rpm
openSUSE7.3i386fetchmail< 5.9.0-280fetchmail-5.9.0-280.i386.rpm
openSUSE7.2i386fetchmail< 5.8.0-78fetchmail-5.8.0-78.i386.rpm
openSUSE7.1alphafetchmail< 5.6.5-30fetchmail-5.6.5-30.alpha.rpm
openSUSE8.0i386fetchmail< 5.9.0-279fetchmail-5.9.0-279.i386.rpm
openSUSE7.3ppcfetchmail< 5.9.0-205fetchmail-5.9.0-205.ppc.rpm
openSUSE7.3sparcfetchmail< 5.9.0-66fetchmail-5.9.0-66.sparc.rpm
openSUSE7.1ppcfetchmail< 5.6.5-29fetchmail-5.6.5-29.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	7.1	i386	fetchmail	< 5.6.5-40	fetchmail-5.6.5-40.i386.rpm
openSUSE	8.1	i586	fetchmail	< 5.9.13-54	fetchmail-5.9.13-54.i586.rpm
openSUSE	7.3	i386	fetchmail	< 5.9.0-280	fetchmail-5.9.0-280.i386.rpm
openSUSE	7.2	i386	fetchmail	< 5.8.0-78	fetchmail-5.8.0-78.i386.rpm
openSUSE	7.1	alpha	fetchmail	< 5.6.5-30	fetchmail-5.6.5-30.alpha.rpm
openSUSE	8.0	i386	fetchmail	< 5.9.0-279	fetchmail-5.9.0-279.i386.rpm
openSUSE	7.3	ppc	fetchmail	< 5.9.0-205	fetchmail-5.9.0-205.ppc.rpm
openSUSE	7.3	sparc	fetchmail	< 5.9.0-66	fetchmail-5.9.0-66.sparc.rpm
openSUSE	7.1	ppc	fetchmail	< 5.6.5-29	fetchmail-5.6.5-29.ppc.rpm

0.305 Low

EPSS

Percentile

97.0%

JSON

Related for SUSE-SA:2003:001