MDKSA-2001:072
- Package name
- fetchmail
- Date
- 2001-08-31
- Advisory ID
- MDKSA-2001:072
- Affected versions
- 8.0 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586 , 8.0 i586
Problem description
A vulnerability was found by Salvatore Sanfilippo in both the IMAP and POP3 code of fetchmail where the input is not verified and no bounds checking is done. This can be exploited by a remote attacker to write arbitrary data into memory. The attacker must have control of the mail server the client is connecting to via fetchmail in order to exploit this vulnerability.
Updated packages
8.0 i586
d3d60c3ff5b5a07869a10b3f9519a592 8.0/RPMS/fetchmail-5.7.4-5.2mdk.i586.rpm c7eb824dd7f7b4cd5144bf9d13608388 8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.i586.rpm dd686925435feb7777ff93e19e136897 8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.i586.rpm 9bfd4b3ee6f4f4dab297d735eb5c81c4 8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm
7.2 i586
30968c4a530d86aef6eb8a035e1fb0f4 7.2/RPMS/fetchmail-5.5.2-5.2mdk.i586.rpm 691a814f4bf4d42c9a9175a393be1861 7.2/RPMS/fetchmail-daemon-5.5.2-5.2mdk.i586.rpm a757421dc5d03124a64c360631d6bdd9 7.2/RPMS/fetchmailconf-5.5.2-5.2mdk.i586.rpm 654e13cf2049db36d4f7ddc9ed8a7e01 7.2/SRPMS/fetchmail-5.5.2-5.2mdk.src.rpm
7.1 i586
ff5474afdc3969147bb460561327c6d0 7.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm 32f4be82c09adfbe0c61ce748982c4f8 7.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm 12d83eef760314bd3ecfacf9910e0119 7.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm
CS1.0 i586
ff5474afdc3969147bb460561327c6d0 1.0.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm 32f4be82c09adfbe0c61ce748982c4f8 1.0.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm 12d83eef760314bd3ecfacf9910e0119 1.0.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm
8.0 i586
e04c544cfd8eb8f4d76bde638a462b0e ppc/8.0/RPMS/fetchmail-5.7.4-5.2mdk.ppc.rpm 25af9f4b03072a6a55927da8469c1b12 ppc/8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm 49712c3b104eeace680f92cd61de933c ppc/8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm 4302ccfec542787c01bea6518df42920 ppc/8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm