Package name
fetchmail
Date
2001-08-31
Advisory ID
MDKSA-2001:072
Affected versions
8.0 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586 , 8.0 i586

Problem description

A vulnerability was found by Salvatore Sanfilippo in both the IMAP and POP3 code of fetchmail where the input is not verified and no bounds checking is done. This can be exploited by a remote attacker to write arbitrary data into memory. The attacker must have control of the mail server the client is connecting to via fetchmail in order to exploit this vulnerability.

Updated packages

8.0 i586

 d3d60c3ff5b5a07869a10b3f9519a592  8.0/RPMS/fetchmail-5.7.4-5.2mdk.i586.rpm
c7eb824dd7f7b4cd5144bf9d13608388  8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.i586.rpm
dd686925435feb7777ff93e19e136897  8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.i586.rpm
9bfd4b3ee6f4f4dab297d735eb5c81c4  8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm

7.2 i586

 30968c4a530d86aef6eb8a035e1fb0f4  7.2/RPMS/fetchmail-5.5.2-5.2mdk.i586.rpm
691a814f4bf4d42c9a9175a393be1861  7.2/RPMS/fetchmail-daemon-5.5.2-5.2mdk.i586.rpm
a757421dc5d03124a64c360631d6bdd9  7.2/RPMS/fetchmailconf-5.5.2-5.2mdk.i586.rpm
654e13cf2049db36d4f7ddc9ed8a7e01  7.2/SRPMS/fetchmail-5.5.2-5.2mdk.src.rpm

7.1 i586

 ff5474afdc3969147bb460561327c6d0  7.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  7.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  7.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm

CS1.0 i586

 ff5474afdc3969147bb460561327c6d0  1.0.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  1.0.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  1.0.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm

8.0 i586

 e04c544cfd8eb8f4d76bde638a462b0e  ppc/8.0/RPMS/fetchmail-5.7.4-5.2mdk.ppc.rpm
25af9f4b03072a6a55927da8469c1b12  ppc/8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
49712c3b104eeace680f92cd61de933c  ppc/8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm
4302ccfec542787c01bea6518df42920  ppc/8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm