fetchmail: denial of service

Package(s): fetchmail
CVE #(s): CVE-2010-1167
Created: May 17, 2010
Updated: June 7, 2011
Description: From the CVE entry:

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

Alerts:
Mandriva MDVSA-2011:107 2011-06-07
Slackware SSA:2010-136-01 2010-05-17

fetchmail: denial of service

Posted May 20, 2010 21:36 UTC (Thu) by nix (subscriber, #2304)

fetchmail 6.3.16?! Typo?

fetchmail: denial of service

Posted May 25, 2010 13:43 UTC (Tue) by tomj (subscriber, #63242)

The version number is ok, current release is 6.3.17.

fetchmail: denial of service

Posted May 28, 2010 18:16 UTC (Fri) by nix (subscriber, #2304)

But 4.6.3? This is a bug that's been there since the dawn of time?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.