author | Matthias Andree <matthias.andree@gmx.de> | 2007-07-29 09:48:20 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2007-07-29 09:48:20 +0000 |
commit | e76ae1ef1afb66f8be3f30725ce42d53c096cf79 (patch) | |
tree | 9ba26eb75497aee360f9b6a43ab07ae2af774d69 | |
parent | 481e6bffbb7c3fd686464478b90a0373c807951c (diff) | |
Add fetchmail-SA-2007-02.txt and promote Earl Chew's bug fix to security.
svn path=/branches/BRANCH_6-3/; revision=5120
-rw-r--r-- | Makefile.am | 1 |
-rw-r--r-- | NEWS | 16 |
-rw-r--r-- | fetchmail-SA-2007-02.txt | 74 |
3 files changed, 85 insertions, 6 deletions
diff --git a/Makefile.am b/Makefile.am index 423450da..f67e8343 100644 --- a/Makefile.am +++ b/Makefile.am @@ -129,6 +129,7 @@ DISTDOCS= FAQ FEATURES NOTES OLDNEWS fetchmail-man.html \ fetchmail-features.html README.SSL README.NTLM \ README.packaging \ fetchmail-FAQ.book fetchmail-FAQ.pdf fetchmail-FAQ.html \ + fetchmail-SA-2007-02.txt \ fetchmail-SA-2007-01.txt \ fetchmail-SA-2006-03.txt \ fetchmail-SA-2006-02.txt \ @@ -44,13 +44,16 @@ be removed from a 6.4.0 or newer release.) fetchmail 6.3.9 (not yet released): -# CRITICAL BUG FIX: -* When fetchmail tries to inject a warning message it created itself, and the - message is refused by the SMTP listener, fetchmail dereferences a NULL - pointer and crashes. Report and fix by Earl Chew. +# SECURITY FIX: +* CVE-2007-XXXX: Denial of service: When fetchmail tries to inject a warning + message it created itself, and the message is refused by the SMTP listener, + fetchmail dereferences a NULL pointer and crashes. Report & fix by Earl Chew. + Note while this is theoretically a remote denial of service attack vector, + fetchmail by default talks SMTP to the localhost, so the overall risk is + rather low. This bug was apparently introduced on 1998-11-27 when the bouncemail facility - was modularized by ESR. The bug made then its appearance in fetchmail release - 4.6.8. + was modularized. The bug made then its appearance in fetchmail release 4.6.8. + See fetchmail-SA-2007-02.txt. # BUG FIXES: * The configure script will additionally check for 'dn_skipname', to fix build @@ -65,6 +68,7 @@ fetchmail 6.3.9 (not yet released): Thanks to Matthias Strauß for a configuration to reproduce the issue. # DOCUMENTATION: +* Add fetchmail-SA-2007-02.txt * Re-add two lines to the manual page that had accidentally become comments to nroff. One was part of the --sslproto documentation, and one in the "Awakening the background daemon" section. 
diff --git a/fetchmail-SA-2007-02.txt b/fetchmail-SA-2007-02.txt new file mode 100644 index 00000000..2ab3363f --- /dev/null +++ b/fetchmail-SA-2007-02.txt 
@@ -0,0 +1,74 @@ +fetchmail-SA-2007-02: Crash when warning message is rejected + +Topics: Crash when fetchmail-generated warning message is rejected + +Author: Matthias Andree +Version: 1.0 +Announced: 2007-07-29 +Type: NULL pointer dereference trigged by outside circumstances +Impact: denial of service possible +Danger: low +Credits: Earl Chew +CVE Name: XXX +URL: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt +Project URL: http://fetchmail.berlios.de/ + +Affects: fetchmail release < 6.3.9 + +Not affected: fetchmail release 6.3.9 + +Corrected: 2007-07-29 fetchmail SVN (rev 5119) + + +0. Release history +================== + +2007-07-29 1.0 first release + + +1. Background +============= + +fetchmail is a software package to retrieve mail from remote POP2, POP3, +IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or +message delivery agents. + +fetchmail ships with a graphical, Python/Tkinter based configuration +utility named "fetchmailconf" to help the user create configuration (run +control) files for fetchmail. + + +2. Problem description and Impact +================================= + +fetchmail will generated warning messages to the local postmaster or user in +certain circumstances, for instance when authentication fails. + +If this warning message is refused by the SMTP listener that fetchmail is +talking to, fetchmail attempts to dereference a NULL pointer when trying to find +out if it should allow a bounce message to be sent. + + +3. Solution +=========== + +Install fetchmail 6.3.9 or newer. The fetchmail source code is available from +<http://developer.berlios.de/project/showfiles.php?group_id=1824>. + + +A. Copyright, License and Warranty +================================== + +(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>. +Some rights reserved. + +This work is licensed under the Creative Commons +Attribution-NonCommercial-NoDerivs German License. 
To view a copy of +this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ +or send a letter to Creative Commons; 559 Nathan Abbott Way; +Stanford, California 94305; USA. + +THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. +Use the information herein at your own risk. + +END OF fetchmail-SA-2007-02.txt |
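Review bot: The SECURITY FIX entry in the NEWS hunk carries the placeholder "CVE-2007-XXXX" while the new advisory header uses "CVE Name: XXX"; both need the assigned identifier before 6.3.9 is released, and using one placeholder spelling in both files would make the later replacement harder to miss. In the same hunk, "The bug made then its appearance" reads better as "The bug then made its appearance", and since the entry already says the bug first appeared in release 4.6.8, the affected range could be stated here so that it lines up with the "Affects:" line of the advisory.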
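Review bot: The "URL:" header of the new fetchmail-SA-2007-02.txt points at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt, which does not match the file being added; it should name fetchmail-SA-2007-02.txt. Further down the same file, "trigged" in the "Type:" line and "will generated" in section 2 are typos, the second Background paragraph about fetchmailconf has no bearing on this crash, and "Affects: fetchmail release < 6.3.9" gives no lower bound although NEWS names 4.6.8 as the first affected release. Section 2 would also benefit from repeating the NEWS remark that fetchmail talks SMTP to the localhost by default, since that is the reasoning behind "Danger: low".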