---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Fetchmail Large Header Processing Denial of Service SECUNIA ADVISORY ID: SA30742 VERIFY ADVISORY: http://secunia.com/advisories/30742/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: Fetchmail 6.x http://secunia.com/product/370/ DESCRIPTION: A vulnerability has been reported in Fetchmail, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when printing overly large e-mail headers (over 2048 bytes) and can be exploited to crash the application. Successful exploitation requires that Fetchmail is started with high verbosity (two or more "-v" arguments are used). The vulnerability is reported in versions prior to 6.3.9. SOLUTION: Update to version 6.3.9 as soon as available or apply patch for version 6.3.8. Please see vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Gunter Nau. ORIGINAL ADVISORY: http://www.fetchmail.info/fetchmail-SA-2008-01.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------