Bug 106662 - CAN-2003-0790/2 Fetchmail remote DoS
CAN-2003-0790/2 Fetchmail remote DoS
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: fetchmail (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brock Organ
: Security
Depends On:
  Show dependency treegraph
Reported: 2003-10-09 07:09 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-11-04 04:55:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2003-10-09 07:09:34 EDT
A bug has been found in the header parsing code in versions of Fetchmail up
to and including 6.2.4.

This bug allows a remote attacker to crash Fetchmail by sending a carefully
crafted email which is then parsed by Fetchmail.

All users of Fetchmail are advised to upgrade to the errata packages
containing a backported fix which corrects this issue.

The bug was found and patched by the OpenBSD team on September 23 2003
during a code audit. Dave Jones of Red Hat discovered an email on October 3
2003 that triggered this bug.

[leaving as private bug entry for now until co-ordinated release date chosen or
Fetchmail author replies to the note I sent to him yesterday]

[vendor-sec notified, Oct07]

Will be RHSA-2003:300
Comment 1 Mark J. Cox (Product Security) 2003-10-10 07:18:26 EDT
In addition a bug has been found when allocating storage for an overlong line.
This bug allows a remote attacker to crash Fetchmail by sending a carefully
crafted email which is then parsed by Fetchmail. It may be possible to
utilise this flaw to run arbitrary code. This bug was found by Dave Jones
on October 8th and a patch created by Nalin Dahyabhai of Red Hat. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0792 to this issue.

Estimated release date Oct16
Comment 2 Mark J. Cox (Product Security) 2003-10-14 13:55:56 EDT
So our analysis shows that CAN-2003-0790 is not in fact a security issue and is
not triggered by the Dave Jones email.

CAN-2003-0792 is only an issue for fetchmail 6.2.4 and not for previous versions
of fetchmail.

Only versions 6.2.0 and prior have been shipped by Red Hat, therefore Red Hat
Linux is not vulnerable to these issues.

Note You need to log in before you can comment on or make changes to this bug.