fetchmail security announcement 2006-03 (CVE-2006-5974)

To: bugtraq@xxxxxxxxxxxxxxxxx, vendor-sec@xxxxxx, vulnwatch@xxxxxxxxxxxxx
Subject: fetchmail security announcement 2006-03 (CVE-2006-5974)
From: Matthias Andree <matthias.andree@xxxxxx>
Date: Sat, 6 Jan 2007 00:06:21 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx, vendor-sec@xxxxxx, vulnwatch@xxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.13 (2006-11-21)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

fetchmail-SA-2006-03: crash when refusing message delivered through MDA

Topics:         fetchmail crashes when refusing a message bound for an MDA

Author:         Matthias Andree
Version:        1.0
Announced:      2007-01-04
Type:           denial of service
Impact:         fetchmail aborts prematurely
Danger:         low
Credits:        Neil Hoggarth (bug report and analysis)
CVE Name:       CVE-2006-5974
URL:            http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
Project URL:    http://fetchmail.berlios.de/

Affects:        fetchmail release = 6.3.5
                fetchmail release candidates 6.3.6-rc1, -rc2

Not affected:   fetchmail release 6.3.6

Corrected:      2006-11-14 fetchmail SVN


0. Release history
==================

2006-11-19 -    internal review draft
2007-01-04 1.0   ready for release


1. Background
=============

fetchmail is a software package to retrieve mail from remote POP2, POP3,
IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents.

fetchmail ships with a graphical, Python/Tkinter based configuration
utility named "fetchmailconf" to help the user create configuration (run
control) files for fetchmail.


2. Problem description and Impact
=================================

Fetchmail 6.3.5 and early 6.3.6 release candidates, when delivering
messages to a message delivery agent by means of the "mda" option, can
crash (by passing a NULL pointer to ferror() and fflush()) when refusing
a message. SMTP and LMTP delivery modes aren't affected.


3. Workaround
=============

Avoid the mda option and ship to a local SMTP or LMTP server instead.


4. Solution
===========

Download and install fetchmail 6.3.6 or a newer stable release from
fetchmail's project site at
<http://developer.berlios.de/project/showfiles.php?group_id=1824>.



A. Copyright, License and Warranty
==================================

(C) Copyright 2007 by Matthias Andree, <matthias.andree@xxxxxx>.
Some rights reserved.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END OF fetchmail-SA-2006-03.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFntntvmGDOQUufZURAicZAKCg2UcpAQ0Wot44RbXYLP082rEX5QCfUYxg
qPVbKSzqv4ZEgrimsGieYc8=
=JbTf
-----END PGP SIGNATURE-----

Prev by Date: Re: SAP Security Contact
Next by Date: fetchmail security announcement 2006-02 (CVE-2006-5867)
Previous by thread: ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability
Next by thread: fetchmail security announcement 2006-02 (CVE-2006-5867)
Index(es):
- Date
- Thread