Red Hat Bugzilla – Bug 260601
CVE-2007-4565 Fetchmail NULL pointer dereference
Last modified: 2016-03-04 06:20:00 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4565
to the following vulnerability:
fetchmail before 6.3.9 allows context-dependent attackers to cause a
denial of service (NULL dereference and application crash) by refusing
certain warning messages that are sent over SMTP.
Fetchmail dereferences NULL after SMTP server not accepting his warning mail to
postmaster. Attacker could possibly make fetchmail generate a warning (i.e. by
sending too big/malformed mail), but is pretty limited in how could he get the
SMTP server refuse a message (maybe fill his mail queue storage by sending lots
of mails). All he would get would be to crash the fetchmail.
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw. More information regarding issue
severity can be found here:
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1427 https://rhn.redhat.com/errata/RHSA-2009-1427.html
Reporter changed to firstname.lastname@example.org by request of Jay Turner.