Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2003-001.0] Linux: fetchmail at-sign buffer overflow vulnerability

From: security () caldera com
Date: Thu, 9 Jan 2003 11:55:25 -0800
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: fetchmail at-sign buffer overflow vulnerability 
Advisory number:        CSSA-2003-001.0
Issue date:             2003 January 09
Cross reference:
______________________________________________________________________________


1. Problem Description

        Heap-based buffer overflow in fetchmail does not account for the
        "@" character when determining buffer lengths for local addresses,
        which allows remote attackers to execute arbitrary code via a
        header with a large number of local addresses.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to fetchmail-6.1.0-4.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to fetchmail-6.1.0-4.i386.rpm

        OpenLinux 3.1 Server            prior to fetchmail-6.1.0-4.i386.rpm

        OpenLinux 3.1 Workstation       prior to fetchmail-6.1.0-4.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPMS

        4.2 Packages

        6035679560eb91ad57ec143469744f6f        fetchmail-6.1.0-4.i386.rpm

        4.3 Installation

        rpm -Fvh fetchmail-6.1.0-4.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/SRPMS

        4.5 Source Packages

        8324bf38216402b13657e3a137c04f52        fetchmail-6.1.0-4.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/RPMS

        5.2 Packages

        f1205c6cfa4d5a2205eb5596fc3b3efd        fetchmail-6.1.0-4.i386.rpm

        5.3 Installation

        rpm -Fvh fetchmail-6.1.0-4.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/SRPMS

        5.5 Source Packages

        6bbd2ab3ca320deb7e6bb6255f02c0ee        fetchmail-6.1.0-4.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/RPMS

        6.2 Packages

        f889dbefab6282e17225e98cc8ee9f85        fetchmail-6.1.0-4.i386.rpm

        6.3 Installation

        rpm -Fvh fetchmail-6.1.0-4.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/SRPMS

        6.5 Source Packages

        c86a332f4ad72cdd118c111167634c58        fetchmail-6.1.0-4.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/RPMS

        7.2 Packages

        ed4c33e63e1c430202125ab1f9e9e94c        fetchmail-6.1.0-4.i386.rpm

        7.3 Installation

        rpm -Fvh fetchmail-6.1.0-4.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/SRPMS

        7.5 Source Packages

        1cb257a1a13481b518fa3ef0016cef4c        fetchmail-6.1.0-4.src.rpm


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
                http://security.e-matters.de/advisories/052002.html     

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr872719, fz526873,
        erg712185.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        Stefan Esser <s.esser () e-matters de> discovered and researched
        this vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: