Bug 106662
Summary: | CAN-2003-0790/2 Fetchmail remote DoS | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Mark J. Cox <mjc> |
Component: | fetchmail | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED NOTABUG | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | Keywords: | Security |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2003-11-04 09:55:18 UTC |
Description
Mark J. Cox
2003-10-09 11:09:34 UTC
In addition a bug has been found when allocating storage for an overlong line. This bug allows a remote attacker to crash Fetchmail by sending a carefully crafted email which is then parsed by Fetchmail. It may be possible to utilise this flaw to run arbitrary code. This bug was found by Dave Jones on October 8th and a patch created by Nalin Dahyabhai of Red Hat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0792 to this issue.

Estimated release date Oct 16

So our analysis shows that CAN-2003-0790 is not in fact a security issue and is not triggered by the Dave Jones email. CAN-2003-0792 is only an issue for fetchmail 6.2.4 and not for previous versions of fetchmail. Only versions 6.2.0 and prior have been shipped by Red Hat, therefore Red Hat Linux is not vulnerable to these issues.