
Remotely-exploitable buffer overflow vulnerability in fetchmail

Package(s): fetchmail
CVE #(s): CAN-2002-0146
Created: June 5, 2002
Updated: June 18, 2002
Description: Fetchmail versions prior to 5.9.10 have a buffer overflow vulnerability that may be exploited by a malicious IMAP server. The fetchmail client allocated memory to store the sizes of the messages it is attempting to retrieve based on a message count provided by the IMAP server. A malicious IMAP server could provide an artificially large message count to force the fetchmail process to write data outside of the allocated memory. (First LWN report: May 9).
Alerts:
SCO Group CSSA-2002-027.0 2002-06-17
Yellow Dog YDU-20020522-2 2002-05-22
Red Hat RHSA-2002:047-10 2002-05-20
Mandrake MDKSA-2002:036 2002-05-28
Eridani ERISA-2002:016 2002-05-22
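
The class of bug described above, seen from the defensive side, as an added example (not fetchmail's code or its actual patch): a table of message sizes is allocated from a server-supplied count only after the count passes a sanity check, and every later write is checked against the allocated length. The `size_table_*` names and the `MAX_MSGS` cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_MSGS 100000L /* assumed sanity cap, not a fetchmail constant */

/* Hypothetical per-message size table sized from a server-announced count. */
struct size_table { long count; int *sizes; };

/* Validate the untrusted count before allocating. 0 on success, -1 if refused. */
int size_table_init(struct size_table *t, long server_count)
{
    t->count = 0;
    t->sizes = NULL;
    if (server_count < 0 || server_count > MAX_MSGS)
        return -1; /* negative or implausibly large: refuse, do not allocate */
    /* With the cap applied, count * sizeof(int) cannot wrap; calloc zero-fills.
     * Ask for at least one slot so that NULL always means failure. */
    t->sizes = calloc(server_count ? (size_t)server_count : 1, sizeof *t->sizes);
    if (t->sizes == NULL)
        return -1;
    t->count = server_count;
    return 0;
}

/* Store the size reported for 1-based message number msgnum. The index comes
 * from the server too, so it is checked against the allocated count. */
int size_table_set(struct size_table *t, long msgnum, long size)
{
    if (msgnum < 1 || msgnum > t->count)
        return -1; /* would land outside the allocation */
    if (size < 0 || size > INT_MAX)
        return -1; /* does not fit the int slot */
    t->sizes[msgnum - 1] = (int)size;
    return 0;
}

int main(void)
{
    struct size_table t;
    /* Constructed inputs: a server announces 3 messages, then reports a 4th. */
    printf("init(3)=%d\n", size_table_init(&t, 3));
    printf("set(4)=%d\n", size_table_set(&t, 4, 512));
    free(t.sizes);
    return 0;
}
```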


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds