fetchmail Crash when warning message is rejected

2007.08.29
Credit: Matthias Andree
Risk: Low
Local: Yes
Remote: No
CVE: CVE-2007-4565
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

fetchmail-SA-2007-02: Crash when warning message is rejected Topics: Crash when fetchmail-generated warning message is rejected Author: Matthias Andree Version: 1.0 Announced: 2007-07-29 Type: NULL pointer dereference trigged by outside circumstances Impact: denial of service possible Danger: low Credits: Earl Chew CVE Name: CVE-2007-4565 URL: http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt Project URL: http://fetchmail.berlios.de/ Affects: fetchmail release < 6.3.9 Not affected: fetchmail release 6.3.9 Corrected: 2007-07-29 fetchmail SVN (rev 5119) 0. Release history ================== 2007-07-29 1.0 first draft for MITRE/CVE (visible in SVN) 1. Background ============= fetchmail is a software package to retrieve mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or message delivery agents. fetchmail ships with a graphical, Python/Tkinter based configuration utility named "fetchmailconf" to help the user create configuration (run control) files for fetchmail. 2. Problem description and Impact ================================= fetchmail will generated warning messages to the local postmaster or user in certain circumstances, for instance when authentication fails. If this warning message is refused by the SMTP listener that fetchmail is talking to, fetchmail attempts to dereference a NULL pointer when trying to find out if it should allow a bounce message to be sent. 3. Solution =========== Install fetchmail 6.3.9 or newer. The fetchmail source code is available from <http://developer.berlios.de/project/showfiles.php?group_id=1824>. A. Copyright, License and Warranty ================================== (C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>. Some rights reserved. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs German License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ or send a letter to Creative Commons; 559 Nathan Abbott Way; Stanford, California 94305; USA. THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2007-02.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top