A bug has been found in the header parsing code in versions of Fetchmail up to and including 6.2.4. This bug allows a remote attacker to crash Fetchmail by sending a carefully crafted email which is then parsed by Fetchmail. All users of Fetchmail are advised to upgrade to the errata packages containing a backported fix which corrects this issue.

The bug was found and patched by the OpenBSD team on September 23 2003 during a code audit. Dave Jones of Red Hat discovered an email on October 3 2003 that triggered this bug.

[leaving as private bug entry for now until co-ordinated release date chosen or Fetchmail author replies to the note I sent to him yesterday]

[vendor-sec notified, Oct07]

Will be RHSA-2003:300
In addition, a bug has been found when allocating storage for an overlong line. This bug allows a remote attacker to crash Fetchmail by sending a carefully crafted email which is then parsed by Fetchmail. It may be possible to utilise this flaw to run arbitrary code. This bug was found by Dave Jones on October 8th and a patch created by Nalin Dahyabhai of Red Hat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0792 to this issue.

Estimated release date Oct16
So our analysis shows that CAN-2003-0790 is not in fact a security issue and is not triggered by the Dave Jones email. CAN-2003-0792 is only an issue for fetchmail 6.2.4 and not for previous versions of fetchmail. Only versions 6.2.0 and prior have been shipped by Red Hat, therefore Red Hat Linux is not vulnerable to these issues.