Info

Disclosure

Jul 20, 2005

Discovery

Unknown

Dates

Exploit

Aug 30, 2005

Solution

Unknown

Description

A remote overflow exists in fetchmail. The POP3 code fails to validate responses from the server resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.2.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Eric S. Raymond	Fetchmail	6.2.0
		6.2.5
		6.2.5.1

References

Security Tracker: 1014564
Bugtraq ID: 14349
Secunia Advisory ID: 16176 16178 16188 16200 16212 16213 16257 16261 16421 16437 21253
CVE ID: 2005-2335 (see also: NVD)
Keyword: fetchmail-SA-2005-01
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050802-01-U.asc http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:126
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.412012
http://www.debian.org/security/2005/dsa-774
http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml
http://www.ubuntulinux.org/support/documentation/usn/usn-153-1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0430.html
http://archives.neohapsis.com/archives/bugtraq/2006-08/0027.html
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304063
RedHat RHSA: RHSA-2005:640

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Eric S. Raymond

Fetchmail

References

Credit