First Last Prev Next    This bug is not in your last search results.
Bug 74664 - Fetchmail multidrop remote security vulnerabilities
Fetchmail multidrop remote security vulnerabilities
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: fetchmail (Show other bugs)
2.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brock Organ
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-09-30 04:53 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-09-30 04:53:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mark J. Cox (Product Security) 2002-09-30 04:53:40 EDT 
Fetchmail is a remote mail retrieval and forwarding utility intended for
use over on-demand TCP/IP links, like SLIP or PPP connections.  Two bugs
have been found in the header parsing code in versions of Fetchmail prior
to 6.1.0.  

The first bug allows a remote attacker to remotely crash Fetchmail by
sending a carefully crafted DNS packet.   The second bug allows a remote
attacker to carefully craft an email in such a way that when it is parsed
by Fetchmail a heap overflow occurs, allowing remote arbitrary code execution.

Both of these bugs are only exploitable if Fetchmail is being used in
multidrop mode (using the "multiple-local-recipients" feature).
Comment 1 Mark J. Cox (Product Security) 2002-11-06 07:26:13 EST 
RHSA-2002:216
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.