aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2005-07-21 10:54:00 +0000
committerMatthias Andree <matthias.andree@gmx.de>2005-07-21 10:54:00 +0000
commit55a7d7f9811aa55c21a9ff67708d340be3deb715 (patch)
tree7da285f08a01d119e58b88a437135c1664adea04
parent9f2b09b78ca2d5f09ef45def9c4f120ed2793324 (diff)
downloadfetchmail-55a7d7f9811aa55c21a9ff67708d340be3deb715.tar.gz
fetchmail-55a7d7f9811aa55c21a9ff67708d340be3deb715.tar.bz2
fetchmail-55a7d7f9811aa55c21a9ff67708d340be3deb715.zip
Add security announcement.
svn path=/trunk/; revision=4153
-rw-r--r--Makefile.am3
-rw-r--r--fetchmail-SA-2005-01.txt91
2 files changed, 93 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index 4a11ea99..5c6d1a1a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -72,7 +72,8 @@ fetchmail.spec: Makefile.in specgen.sh
DISTDOCS= BUGS FAQ FEATURES NOTES OLDNEWS fetchmail-man.html \
fetchmail-FAQ.html design-notes.html esrs-design-notes.html todo.html \
- fetchmail-features.html README.SSL README.NTLM
+ fetchmail-features.html README.SSL README.NTLM \
+ fetchmail-SA-2005-01.txt
# extra directories to ship
distdirs = rh-config contrib beos
diff --git a/fetchmail-SA-2005-01.txt b/fetchmail-SA-2005-01.txt
new file mode 100644
index 00000000..d9e9aa2a
--- /dev/null
+++ b/fetchmail-SA-2005-01.txt
@@ -0,0 +1,91 @@
+fetchmail-SA-2005-01: security announcement
+
+Topic: remote code injection vulnerability in fetchmail
+
+Author: Matthias Andree
+Version: 1.00
+Announced: 2005-07-21
+Type: buffer overrun/stack corruption/code injection
+Impact: account or system compromise possible through malicious
+ or compromised POP3 servers
+Danger: high: in sensitive configurations, a full system
+ compromise is possible
+CVE Name: CAN-2005-2335
+URL: http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762
+ http://www.vuxml.org/freebsd/3497d7be-2fef-45f4-8162-9063751b573a.html
+ http://www.freebsd.org/cgi/query-pr.cgi?pr=83805
+
+Affects: fetchmail version 6.2.5
+ fetchmail version 6.2.0
+ (other versions have not been checked)
+
+Not affected: fetchmail 6.2.5.1
+ fetchmail 6.2.6-pre5 (not released yet)
+ fetchmail 6.3.0 (not released yet)
+
+ Older versions may not have THIS bug, but had been found
+ to contain other security-relevant bugs.
+
+Corrected: 2005-07-20 15:22 UTC (SVN) - committed bugfix (r4143)
+ 2005-07-20 fetchmail-patch-6.2.5.1 released
+
+0. Release history
+
+2005-07-20 1.00 initial announcement
+
+1. Background
+
+fetchmail is a software package to retrieve mail from remote POP2, POP3,
+IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
+message delivery agents.
+
+2. Problem description
+
+The POP3 code that deals with UIDs (from the UIDL) reads the responses
+returned by the POP3 server into fixed-size buffers allocated on the
+stack, without limiting the input length to the buffer size. A
+compromised or malicious POP3 server can thus overrun fetchmail's stack.
+This affects POP3 and all of its variants, for instance but not limited
+to APOP.
+
+3. Impact
+
+Very long UIDs can cause fetchmail to crash, or potentially make it
+execute code placed on the stack. In some configurations, fetchmail
+is run by the root user to download mail for multiple accounts.
+
+4. Workaround
+
+No reasonable workaround can be offered at this time.
+
+5. Solution
+
+Upgrade your fetchmail package to version 6.2.5.1.
+This requires the download of the fetchmail-6.2.5.tar.gz tarball and the
+fetchmail-patch-6.2.5.1.gz from BerliOS:
+
+<http://developer.berlios.de/project/showfiles.php?group_id=1824>
+
+Note that the files may be hidden from view later as new releases become
+available.
+
+Instructions for patching are given at
+<http://developer.berlios.de/forum/forum.php?forum_id=13104>
+
+A. References
+
+fetchmail home page: <http://fetchmail.berlios.de/>
+
+B. Copyright and License
+
+(C) Copyright 2005 by Matthias Andree, <matthias.andree@gmx.de>.
+Some rights reserved.
+
+This work is licensed under the Creative Commons
+Attribution-NonCommercial-NoDerivs German License. To view a copy of
+this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
+or send a letter to Creative Commons; 559 Nathan Abbott Way;
+Stanford, California 94305; USA.
+
+END OF fetchmail-SA-2005-01.txt