Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: fetchmail buffer overflow Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian There is a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder.

Debian Security Advisory DSA 216-1                                        Martin Schulze
December 24th, 2002            

Package        : fetchmail
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-1365 (confirmed)

Stefan Esser of e-matters discovered a buffer overflow in fetchmail,
an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder.  When
fetchmail retrieves a mail all headers that contain addresses are
searched for local addresses.  If a hostname is missing, fetchmail
appends it but doesn't reserve enough space for it.  This heap
overflow can be used by remote attackers to crash it or to execute
arbitrary code with the privileges of the user running fetchmail.

For the current stable distribution (woody) this problem has been
fixed in version 5.9.11-6.2 of fetchmail and fetchmail-ssl.

For the old stable distribution (potato) this problem has been fixed
in version 5.3.3-4.3.

For the current unstable distribution (sid) this problem has been
fixed in version 6.2.0-1 of fetchmail and fetchmail-ssl.

We recommend that you upgrade your fetchmail packages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

  Source archives:
      Size/MD5 checksum:      566 a1903624c0ec3bd32511423932643072
      Size/MD5 checksum:    27949 ba53d0ca7f33019f8aa377359adf1212
      Size/MD5 checksum:   755731 d2cffc4594ec2d36db6681b800f25e2a

  Architecture independent components:
      Size/MD5 checksum:    63344 eeb78fb002b7cec35d21f782123638c5

  Alpha architecture:
      Size/MD5 checksum:   371692 f59ce881bc67072165a43c935d1c555b

  ARM architecture:
      Size/MD5 checksum:   349562 7f3512eed908f266268a5c92be1d2fd8

  Intel IA-32 architecture:
      Size/MD5 checksum:   342328 51380d2821f2837a7aaf3f14850fce83

  Motorola 680x0 architecture:
      Size/MD5 checksum:   336626 0fc917ae77fae36202be9db505de495e

  PowerPC architecture:
      Size/MD5 checksum:   350320 e3d5dbe15acefa05a6c7cbfdada1bf2a

  Sun Sparc architecture:
      Size/MD5 checksum:   328084 1f5bc0689d1c1c86f81d022a53e9cff9

Debian GNU/Linux 3.0 alias woody

  Source archives:
      Size/MD5 checksum:      712 7dd3621fe339460971cc328484b0e279
      Size/MD5 checksum:   300336 7503a6bbf5020b118c0061586e16822a
      Size/MD5 checksum:   950273 fff00cbf7be1d01a17605fee23ac96dd
      Size/MD5 checksum:      707 69a8e2fa290af062b9740943d26df507
      Size/MD5 checksum:   296112 e4ecdeddc8bffa9a54f386ab449485fe
      Size/MD5 checksum:   950273 fff00cbf7be1d01a17605fee23ac96dd

  Architecture independent components:
      Size/MD5 checksum:   165338 fd022003903f569d077e36faf5ad2a21
      Size/MD5 checksum:    92680 259860a2bcf5ec0376e899a4bac606c5

  Alpha architecture:
      Size/MD5 checksum:   307102 5fd453636e5bd8613abc7aa237585fe7
      Size/MD5 checksum:   309976 952fa90b23a9cfc6924eae2f1408c54c

  ARM architecture:
      Size/MD5 checksum:   290732 9bdae78eabf81f3abd9f06ff809b4515
      Size/MD5 checksum:   296660 cb0b113ef7df375b3ffd310a1012f3ce

  Intel IA-32 architecture:
      Size/MD5 checksum:   286470 f18703ec4f6a78310321055fcf83c4c8
      Size/MD5 checksum:   291960 2649fd5b6238851a29e8a787f462ee7e

  Intel IA-64 architecture:
      Size/MD5 checksum:   329940 a504adb23f4b454ef367209e1040abcb
      Size/MD5 checksum:   333976 144c1df5d7c723c7d6bd5e43f592b48b

  HP Precision architecture:
      Size/MD5 checksum:   299074 166df103ddb481f7765fdf748afd94a7
      Size/MD5 checksum:   301932 bebfca5047e0cbc6b29153643badc969

  Motorola 680x0 architecture:
      Size/MD5 checksum:   281204 f04e277cf71fc0cddd091fc605ef4036
      Size/MD5 checksum:   286402 6ce360b059551b495414e1beb02b67a3

  Big endian MIPS architecture:
      Size/MD5 checksum:   296502 d4dce762db683352d353e47abe050e13
      Size/MD5 checksum:   301044 2c684dbc2dba6f5cc8c1de6e6f705ff8

  Little endian MIPS architecture:
      Size/MD5 checksum:   295990 0d05ae19ca00996e83eaff5ace4bceb5
      Size/MD5 checksum:   300566 64af54cf6b0e3f531d0219a22eb1dd8a

  PowerPC architecture:
      Size/MD5 checksum:   291608 68ff481887635a4ce1243d1900c02998
      Size/MD5 checksum:   297644 70ff4071e9680a10121819046d856e55

  IBM S/390 architecture:
      Size/MD5 checksum:   288886 7b3fdb495abd4687d2e6829e7ffe0d9d
      Size/MD5 checksum:   294558 0699d986ee8f14d1c6ae3cfd1395206d

  Sun Sparc architecture:
      Size/MD5 checksum:   293406 f63f33a3530f7ba8506c35c3aa9c5e4b
      Size/MD5 checksum:   298076 56d727fcf9a8cd3403454bb60bdd3b4d

  These files will probably be moved into the stable distribution on
  its next revision.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.