J-Security Center

Title: Fetchmail Buffer Overflow Vulnerability

Severity: HIGH

Description:

Fetchmail is a Unix utility for downloading email from mail servers via POP.

Fetchmail contains a buffer overflow in its handling of email header information. If the 'To:' field is too large, fetchmail will overflow a local buffer.

The overflow occurs in the nxtaddr() function during a copy loop when the email header is being processed. If the stack frame is corrupted by the excessive data, fetchmail may crash. Attackers may be able to execute arbitrary code by overwriting the function return address with a value pointing to supplied shellcode.
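The following is an added illustration, not fetchmail's own code and not part of the original advisory. It contrasts an unbounded header copy loop of the kind described above with a bounds-checked form. The function names, the 64-byte buffer size and the comma delimiter are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>

#define ADDR_MAX 64   /* constructed buffer size for this example */

/* Unbounded pattern: the loop stops only at a delimiter or terminator,
 * so a header field longer than the destination writes past its end.
 * Shown for contrast only; never use on untrusted input. */
void copy_field_unbounded(const char *src, char *dst)
{
    while (*src != '\0' && *src != ',')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded form: every write is checked against the destination size.
 * Returns the number of bytes copied, or -1 if the field does not fit,
 * so the caller can reject the header instead of silently truncating. */
int copy_field_bounded(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;

    if (dstlen == 0)
        return -1;
    while (src[n] != '\0' && src[n] != ',') {
        if (n + 1 >= dstlen) {      /* keep one byte for the terminator */
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Copies the first address of a To: value into a fixed-size local buffer,
 * as a header parser would. Returns 1 if accepted, 0 if rejected. */
int first_addr_fits(const char *to_value)
{
    char addr[ADDR_MAX];

    return copy_field_bounded(to_value, addr, sizeof addr) >= 0;
}
```
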

This vulnerability could be exploited using a maliciously crafted email message. The overflow will occur immediately after the email message is downloaded from the mail server by fetchmail. No user interaction is required beyond fetchmail downloading the email containing the exploit code.

Fetchmail often runs as root. If this vulnerability were exploited, it is likely that an attacker would gain root access on target clients.

Affected Products:

  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Cobalt Qube 3.0.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • EnGarde Secure Linux 1.0.1
  • Eric Raymond Fetchmail 5.0.0
  • Eric Raymond Fetchmail 5.1.0
  • Eric Raymond Fetchmail 5.2.0
  • Eric Raymond Fetchmail 5.3.0
  • Eric Raymond Fetchmail 5.3.1
  • Eric Raymond Fetchmail 5.3.2
  • Eric Raymond Fetchmail 5.3.3
  • Eric Raymond Fetchmail 5.3.4
  • Eric Raymond Fetchmail 5.3.5
  • Eric Raymond Fetchmail 5.3.6
  • Eric Raymond Fetchmail 5.3.7
  • Eric Raymond Fetchmail 5.3.8
  • Eric Raymond Fetchmail 5.4.0.0
  • Eric Raymond Fetchmail 5.4.1
  • Eric Raymond Fetchmail 5.4.2
  • Eric Raymond Fetchmail 5.4.3
  • Eric Raymond Fetchmail 5.4.4
  • Eric Raymond Fetchmail 5.4.5
  • Eric Raymond Fetchmail 5.5.0
  • Eric Raymond Fetchmail 5.5.1
  • Eric Raymond Fetchmail 5.5.2
  • Eric Raymond Fetchmail 5.5.3
  • Eric Raymond Fetchmail 5.5.4
  • Eric Raymond Fetchmail 5.5.5
  • Eric Raymond Fetchmail 5.5.6
  • Eric Raymond Fetchmail 5.6.0
  • Eric Raymond Fetchmail 5.6.1
  • Eric Raymond Fetchmail 5.6.2
  • Eric Raymond Fetchmail 5.6.3
  • Eric Raymond Fetchmail 5.6.4
  • Eric Raymond Fetchmail 5.6.5
  • Eric Raymond Fetchmail 5.6.6
  • Eric Raymond Fetchmail 5.6.7
  • Eric Raymond Fetchmail 5.6.8
  • Eric Raymond Fetchmail 5.7.0
  • Eric Raymond Fetchmail 5.7.1
  • Eric Raymond Fetchmail 5.7.2
  • Eric Raymond Fetchmail 5.8.0.0
  • Eric Raymond Fetchmail 5.8.1
  • Eric Raymond Fetchmail 5.8.2
  • Eric Raymond Fetchmail 5.8.3
  • Eric Raymond Fetchmail 5.8.4
  • Eric Raymond Fetchmail 5.8.5
  • Eric Raymond Fetchmail 5.8.6
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0

References:
