TITLE: Fetchmail Headerless Message Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17891 VERIFY ADVISORY: http://secunia.com/advisories/17891/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote SOFTWARE: Fetchmail 6.x http://secunia.com/product/370/ DESCRIPTION: A vulnerability has been reported in Fetchmail, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a null pointer dereferencing error when handling a message without email headers. This can be exploited to crash Fetchmail when the upstream mail server sends a message without headers. Successful exploitation requires that Fetchmail is configured for multidrop mode and retrieves emails from a malicious upstream mail server. The vulnerability has been reported in versions 6.2.5.4 and 6.3.0. Prior versions may also be affected. SOLUTION: Update to the fixed version. http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=8405 Fetchmail 6.3.x: Update to version 6.3.1. Fetchmail 6.2.x: Update to version 6.2.5.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Daniel Drake and Sunil Shetye. ORIGINAL ADVISORY: http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------