[Am-info] Fetchmail large e-mail index overflow
Fred A. Miller
fm@cupserv.org
Fri, 24 May 2002 13:42:20 -0400
Fetchmail large e-mail index overflow
Fetchmail prior to version 5.9.10 does not properly check to see if the
amount of e-mail indicated by the server is outside internal fetchmail
bounds, thereby allowing a malicious server to execute arbitrary
code on the client system. The SAC team is not sure whether this
vulnerability is related to the vulnerability reported as {01.33.005}.
This vulnerability is confirmed. Updated Red Hat RPMs are listed at:
http://archives.neohapsis.com/archives/linux/redhat/2002-q2/0064.html
Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2002-q2/0064.html
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v8.0 Pro, Netscape 7.0---
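
An added example, not part of the original message and not fetchmail's own code: the class of check the advisory describes as missing, where a server-reported message count is validated before it sizes or indexes a client-side table. The names `MAX_MSGS`, `parse_msg_count`, `msg_table_init` and `msg_table_mark`, the cap value, and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_MSGS 100000L /* assumed client-side cap, not a fetchmail value */

/* Parse a server-supplied decimal count; -1 if malformed or out of bounds. */
long parse_msg_count(const char *field)
{
    char *end;
    long n;
    errno = 0;
    n = strtol(field, &end, 10);
    if (end == field || *end != '\0' || errno == ERANGE)
        return -1;                      /* empty, trailing junk, or overflow */
    if (n < 0 || n > MAX_MSGS)
        return -1;                      /* outside the client's own limits */
    return n;
}

struct msg_table { long count; unsigned char *seen; };

/* Size the per-message table only from a count that passed validation. */
int msg_table_init(struct msg_table *t, const char *count_field)
{
    long n = parse_msg_count(count_field);
    t->count = 0; t->seen = NULL;
    if (n < 0) return -1;
    t->seen = calloc((size_t)n + 1, sizeof *t->seen); /* slot 0 unused: 1-based */
    if (t->seen == NULL) return -1;
    t->count = n;
    return 0;
}

/* Message numbers also come from the server: check before every index. */
int msg_table_mark(struct msg_table *t, long num)
{
    if (num < 1 || num > t->count) return -1;
    t->seen[num] = 1;
    return 0;
}

int main(void)
{
    /* Constructed sample count fields, as a server might report them. */
    const char *samples[] = { "42", "-1", "4294967297", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %ld\n", samples[i], parse_msg_count(samples[i]));
    return 0;
}
```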