Heap overflow flaw was found in the way Fetchmail used to convert certain byte strings into their printable representation, when fetchmail was running in the verbose mode. A remote attacker could use this flaw to cause a denial of service (fetchmail crash) or, potentially, to execute arbitrary code with the privileges of the user running fetchmail. Upstream advisory (mentioning OSS security mailing post, as upstream Fetchmail one doesn't seem to be working yet): [1] http://www.openwall.com/lists/oss-security/2010/02/04/4 Upstream patch (from [1]): --- a/sdump.c +++ b/sdump.c @@ -36,7 +36,7 @@ char *sdump(const char *in, size_t len) if (isprint((unsigned char)in[i])) { *(oi++) = in[i]; } else { - oi += sprintf(oi, "\\x%02X", in[i]); + oi += sprintf(oi, "\\x%02X", (unsigned char)in[i]); } } *oi = '\0'; (mentioned "r5467" SVN revision doesn't seem to be working for me yet). References: http://www.fetchmail.info/fetchmail-SA-2010-01.txt http://www.fetchmail.info/
This issue does NOT affect the versions of the fetchmail package, as shipped with Red Hat Enteprise Linux 3, 4, and 5. This issue does NOT affect the versions of the fetchmail package, as shipped with Fedora release of 11 (fetchmail-6.3.9-5.fc11). This issue affects the version of the fetchmail package, as shipped with Fedora release of 12 (fetchmail-6.3.11-3.fc12). Please fix.
This is CVE-2010-0562.
fetchmail-6.3.11-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/fetchmail-6.3.11-4.fc12
fetchmail-6.3.11-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.