- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Fetchmail 6.2.5 fixes a remote DoS
Date: March 30, 2004
Bugs: #37717
ID: 200403-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Fetchmail versions 6.2.4 and earlier can be crashed by sending a
specially-crafted email to a fetchmail user.

Background
==========

Fetchmail is a utility that retrieves and forwards mail from remote
systems using IMAP, POP, and other protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                Unaffected
    -------------------------------------------------------------------
     net-mail/fetchmail       <= 6.2.4                        >= 6.2.5

Description
===========

Fetchmail versions 6.2.4 and earlier can be crashed by sending a
specially-crafted email to a fetchmail user. This problem occurs
because Fetchmail does not properly allocate memory for long lines in
an incoming email.

Impact
======

Fetchmail users who receive a malicious email may have their fetchmail
program crash.

Workaround
==========

While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected package.

Resolution
==========

Fetchmail users should upgrade to version 6.2.5 or later:

    # emerge sync
    # emerge -pv ">=net-mail/fetchmail-6.2.5"
    # emerge ">=net-mail/fetchmail-6.2.5"

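To confirm that an upgrade took effect, an installed version can be
compared against the bounds in the Affected packages table. The script
below is an added example, not part of the original advisory; the
function names are hypothetical and the sample versions are constructed.

```sh
#!/bin/sh
# Added example: classify a fetchmail version against this advisory's table
# (<= 6.2.4 vulnerable, >= 6.2.5 unaffected). Function names are hypothetical.

FIXED_VERSION="6.2.5"   # first unaffected version, from the advisory

# normalise V: drop a Gentoo revision suffix such as -r1, then accept only
# dotted digits. Prints the cleaned version, or fails on anything else.
normalise() {
    v=${1%-r[0-9]*}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$v"
}

# ver_lt A B: succeed if A is lower than B. Fields are compared as integers,
# so 6.2.10 sorts after 6.2.5; a missing field counts as 0.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # versions are equal
}

# fetchmail_status V: print vulnerable, unaffected, or unknown.
fetchmail_status() {
    v=$(normalise "$1") || { echo unknown; return 0; }
    if ver_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions, not read from a real system.
for s in 6.2.4 6.2.4-r1 6.2.5 6.2.10 6.3 bogus; do
    printf '%-10s %s\n' "$s" "$(fetchmail_status "$s")"
done
```
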
References
==========

  [ 1 ] http://xforce.iss.net/xforce/xfdb/13450
  [ 2 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.