Red Hat Bugzilla – Bug 163816
CAN-2005-2335 fetchmail overflow from malicious pop3 server
Last modified: 2007-11-30 17:07:19 EST
We were alerted today to a Debian bug report showing a flaw where a malicious
POP3 server could overflow a stack buffer in fetchmail.
Draft advisory at http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
More details at end of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762
Most likely also affects RHEL3 and RHEL2.1 (although code in RHEL2.1 is
Created attachment 117020 [details]
Proposed patch from SUSE
Yep, this bug applies to RHEL2.1 as well. File pop3.c line 540.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
Summary is wrong, CVE number is CAN-2005-2355, not CAN-2005-2335.
Sorry, I was wrong. CAN-2005-2335 *is* correct. FC3 advisory was incorrect.