Common Vulnerabilities and Exposures assigned the identifier CVE-2007-4565
to the following vulnerability:
fetchmail before 6.3.9 allows context-dependent attackers to cause a
denial of service (NULL dereference and application crash) by refusing
certain warning messages that are sent over SMTP.
Fetchmail dereferences NULL after the SMTP server does not accept its warning mail to
postmaster. An attacker could possibly make fetchmail generate a warning (e.g. by
sending a too big/malformed mail), but is pretty limited in how he could get the
SMTP server to refuse a message (maybe fill its mail queue storage by sending lots
of mails). All he would get would be to crash fetchmail.
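The failure mode described in the CVE text and in the comment above is a two-step one: the code that opens the warning message to postmaster fails because the SMTP server answers the envelope with a 4xx/5xx reply, and the code that later finishes the message assumes the open succeeded. The following is an added, self-contained illustration of that pattern and of the check that closes it; it is not fetchmail's own code, and the struct, function names and the sample SMTP reply lines are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a warning-mail sink (the client side of a mail to postmaster).
 * Illustrative structure, not fetchmail's. */
struct warn_sink {
    char body[256];   /* in-memory message body instead of a socket */
    size_t len;
    int reply_code;   /* SMTP reply code the server gave when we opened it */
};

/* Parse the three-digit code from an SMTP reply line such as
 * "452 4.3.1 Insufficient system storage". Returns -1 on malformed input. */
int smtp_reply_code(const char *line)
{
    if (line == NULL || strlen(line) < 3)
        return -1;
    for (int i = 0; i < 3; i++)
        if (line[i] < '0' || line[i] > '9')
            return -1;
    /* after the code SMTP allows a space, a '-' (multi-line) or end of line */
    if (line[3] != ' ' && line[3] != '-' && line[3] != '\0')
        return -1;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Open the warning message. The server's reply to the envelope (constructed
 * sample input) decides whether a sink exists: any non-2xx/3xx reply means
 * the message was refused and there is nothing to write to, so NULL is
 * returned. This is the point the caller must honour. */
struct warn_sink *open_warning(const char *envelope_reply)
{
    int code = smtp_reply_code(envelope_reply);
    if (code < 200 || code >= 400)
        return NULL;                      /* refused: no sink was created */
    struct warn_sink *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    s->reply_code = code;
    s->len = (size_t)snprintf(s->body, sizeof s->body,
                              "Subject: fetchmail warning\r\n\r\n");
    return s;
}

/* Vulnerable shape: finishes the message without asking whether it was
 * ever opened. With s == NULL this is the NULL dereference and crash. */
int close_warning_unchecked(struct warn_sink *s)
{
    s->len += (size_t)snprintf(s->body + s->len, sizeof s->body - s->len,
                               ".\r\n");  /* s->len dereferences NULL */
    free(s);
    return 0;
}

/* Hardened shape: a refused warning is a non-fatal condition. Report it and
 * skip the sink instead of touching it. */
int close_warning_checked(struct warn_sink *s)
{
    if (s == NULL)
        return -1;                        /* nothing opened, nothing to close */
    s->len += (size_t)snprintf(s->body + s->len, sizeof s->body - s->len,
                               ".\r\n");
    free(s);
    return 0;
}

/* Whole warning path using the checked close. Returns 0 when the warning
 * was delivered to the sink, -1 when the server refused it. */
int send_warning(const char *envelope_reply)
{
    struct warn_sink *s = open_warning(envelope_reply);
    return close_warning_checked(s);
}

int main(void)
{
    /* constructed server replies: one accepted, one temporary refusal */
    printf("accepted: %d\n", send_warning("250 2.1.5 Ok"));
    printf("refused:  %d\n",
           send_warning("452 4.3.1 Insufficient system storage"));
    return 0;
}
```

The check that matters is the `s == NULL` test in `close_warning_checked`; everything else is scaffolding so that the refusal path can be exercised without a real SMTP server. A refused warning mail is exactly the situation the comment above describes (a full queue, a rejected recipient), so the close routine has to tolerate a sink that was never created rather than assume delivery.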
The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw. More information regarding issue
severity can be found here:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1427 https://rhn.redhat.com/errata/RHSA-2009-1427.html
Reporter changed to security-response-team by request of Jay Turner.