Fetchmail v6.24 and below contains a remote denial of service vulnerability which can be exploited by sending a specially crafted email. Fix available here.
e79612b16d2c2e8069f5a46e09f2cbb86dd22b2c2310ff8597675222ee5ca969
TITLE:
fetchmail Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA10025
VERIFY ADVISORY:
http://www.secunia.com/advisories/10025/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Fetchmail 6.x
DESCRIPTION:
An unspecified vulnerability has been reported in fetchmail, which
can be exploited by malicious people to cause a Denial of Service by
sending a specially crafted email.
No further details have been disclosed.
The vulnerability has been reported in version 6.2.4. Prior versions
may also be affected.
SOLUTION:
Update to version 6.2.5:
http://catb.org/~esr/fetchmail/fetchmail-6.2.5.tar.gz
OTHER REFERENCES:
MandrakeSoft Security Advisory MDKSA-2003:101:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:101
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------