Fetchmail Failed Warning Message Remote Denial of Service Vulnerability
BID:25495
Info
| Bugtraq ID: | 25495 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-4565 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 30 2007 12:00AM |
| Updated: | Sep 09 2009 01:31AM |
| Credit: | Earl Chew discovered this issue. |
| Vulnerable: | Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Trustix Secure Linux 3.0.5; Trustix Secure Linux 3.0; Trustix Secure Linux 2.2; SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10 SP1; SuSE SUSE Linux Enterprise Server 10; SuSE SUSE Linux Enterprise SDK 10.SP1; SuSE SUSE Linux Enterprise SDK 10; SuSE Suse Linux Enterprise Desktop 10 SP1; SuSE Suse Linux Enterprise Desktop 10; SuSE Linux Enterprise Server 9; SuSE Linux Enterprise Server 10.SP1; SuSE Linux Enterprise Server 10; SuSE Linux Desktop 10; SuSE Linux 10.1 x86-64; SuSE Linux 10.1 x86; SuSE Linux 10.1 ppc; SuSE Linux 10.0 x86-64; SuSE Linux 10.0 x86; SuSE Linux 10.0 ppc; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.3; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux POS 9; S.u.S.E. Novell Linux Desktop 9; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 10.2 X86 64; S.u.S.E. Linux Professional 10.2; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 10.2 X86 64; S.u.S.E. Linux Personal 10.2; S.u.S.E. Linux Personal 10.1; rPath rPath Linux 1; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Enterprise Linux Desktop version 4; Redhat Enterprise Linux 5 Server; Redhat Desktop 3.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; Foresight Linux Foresight Linux 1.1; Eric Raymond Fetchmail 6.3.8; Eric Raymond Fetchmail 6.3.7; Eric Raymond Fetchmail 6.3.6-rc3; Eric Raymond Fetchmail 6.3.6-rc2; Eric Raymond Fetchmail 6.3.6-rc1; Eric Raymond Fetchmail 6.3.6; Eric Raymond Fetchmail 6.3.5; Eric Raymond Fetchmail 6.3.4; Eric Raymond Fetchmail 6.3.3; Eric Raymond Fetchmail 6.3.2; Eric Raymond Fetchmail 6.3.1; Eric Raymond Fetchmail 6.3; Eric Raymond Fetchmail 6.2.5; Eric Raymond Fetchmail 4.6.8; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mips; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Apple Mac OS X Server 10.5.6; Apple Mac OS X Server 10.5.5; Apple Mac OS X Server 10.5.4; Apple Mac OS X Server 10.5.3; Apple Mac OS X Server 10.5.2; Apple Mac OS X Server 10.5.1; Apple Mac OS X Server 10.5; Apple Mac OS X Server 10.4.11; Apple Mac OS X Server 10.4.10; Apple Mac OS X Server 10.4.9; Apple Mac OS X Server 10.4.8; Apple Mac OS X Server 10.4.7; Apple Mac OS X Server 10.4.6; Apple Mac OS X Server 10.4.5; Apple Mac OS X Server 10.4.4; Apple Mac OS X Server 10.4.3; Apple Mac OS X Server 10.4.2; Apple Mac OS X Server 10.4.1; Apple Mac OS X Server 10.4; Apple Mac OS X 10.5.6; Apple Mac OS X 10.5.5; Apple Mac OS X 10.5.4; Apple Mac OS X 10.5.3; Apple Mac OS X 10.5.2; Apple Mac OS X 10.5.1; Apple Mac OS X 10.5; Apple Mac OS X 10.4.11; Apple Mac OS X 10.4.10; Apple Mac OS X 10.4.9; Apple Mac OS X 10.4.8; Apple Mac OS X 10.4.7; Apple Mac OS X 10.4.6; Apple Mac OS X 10.4.5; Apple Mac OS X 10.4.4; Apple Mac OS X 10.4.3; Apple Mac OS X 10.4.2; Apple Mac OS X 10.4.1; Apple Mac OS X 10.4 |
| Not Vulnerable: | Eric Raymond Fetchmail 6.3.9; Eric Raymond Fetchmail 4.6.7 |
Discussion
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle an exceptional condition: when a warning message that Fetchmail itself generated is rejected, the application crashes. The vendor's fix, shown under Solution / Fix, adds a missing NULL check on the message pointer in sink.c.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects Fetchmail 4.6.8 through 6.3.8.
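The affected range above (4.6.8 through 6.3.8, release candidates included, with 6.3.9 and 4.6.7 not vulnerable) is easy to get wrong when triaging a fleet by hand, so the following added helper, which is not part of the advisory or of Fetchmail, encodes it. The banner format it parses (`This is fetchmail release X.Y.Z+...`) and the host names are assumptions.

```python
import re
from typing import Dict, Optional, Tuple

# Affected range from this advisory: Fetchmail 4.6.8 through 6.3.8 inclusive;
# 6.3.9 and 4.6.7 are listed as not vulnerable. Release candidates such as
# 6.3.6-rc3 are in the range, so "-rcN" must sort below the final release.
FIRST_VULNERABLE = (4, 6, 8)
FIRST_FIXED = (6, 3, 9)
FINAL = 10**6  # rank of a final (non-rc) release in the 4th tuple slot
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?\s*(?:-?rc(\d+))?")

def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '6.3', '6.3.8', '6.3.6-rc3' or '6.3.6 -rc3' into a sortable tuple."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised fetchmail version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)

def is_vulnerable(version: str) -> bool:
    """True when the version is inside the affected range. A 6.3.9 release
    candidate is treated as still vulnerable, because the advisory only
    vouches for the final 6.3.9 (conservative assumption)."""
    v = parse_version(version)
    return FIRST_VULNERABLE + (0,) <= v < FIRST_FIXED + (FINAL,)

def version_from_banner(banner: str) -> Optional[str]:
    """Pull the version out of the first line of `fetchmail --version`.
    Assumed banner shape: 'This is fetchmail release 6.3.8+NLS+SSL...'."""
    m = re.search(r"fetchmail release (\d+\.\d+(?:\.\d+)?(?:-?rc\d+)?)", banner)
    return m.group(1) if m else None

def triage(banners: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map host -> vulnerable? (None when the banner could not be parsed)."""
    result: Dict[str, Optional[bool]] = {}
    for host, banner in banners.items():
        ver = version_from_banner(banner)
        result[host] = is_vulnerable(ver) if ver else None
    return result

# Constructed sample banners for four hypothetical hosts, not real data.
SAMPLE_BANNERS = {
    "mx1": "This is fetchmail release 6.3.8+NLS+SSL",
    "mx2": "This is fetchmail release 6.3.9+NLS+SSL",
    "mx3": "This is fetchmail release 6.3.6-rc3+NLS",
    "mx4": "fetchmail: command not found",
}
```

Hosts that report `None` need a manual look rather than being silently treated as fixed.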
Exploit / POC
Attackers exploit this issue by subverting the SMTP server that Fetchmail is configured to deliver email to or by performing a man-in-the-middle attack.
Solution / Fix
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the references for more information.
The following patch is available from the vendor and can be used until the official Fetchmail 6.3.9 has been released:
Index: sink.c
===================================================================
--- sink.c (revision 5118)
+++ sink.c (revision 5119)
@@ -262,7 +262,7 @@
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
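Review bot: The new `!msg ||` guard has to stay the first operand of the `||` chain, because short-circuit evaluation is the only thing that keeps `msg->return_path` from being read through a NULL pointer; the comment above the condition still says only "don't bounce in reply to undeliverable bounces", so extend it to state that `msg` is NULL when the rejected message is a warning fetchmail generated locally (the case the vendor advisory "Crash when a local warning message is rejected" covers), so a later reordering of the operands does not reintroduce the crash.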
Apple Mac OS X 10.4.11
- Apple SecUpd2009-001Intel.dmg (for Intel): http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Intel_
- Apple SecUpd2009-001PPC.dmg (for PPC): http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC_
Apple Mac OS X Server 10.4.11
- Apple SecUpdSrvr2009-001PPC.dmg (for PPC): http://support.apple.com/downloads/Security_Update_2009_001__Server_Tiger_PPC_
- Apple SecUpdSrvr2009-001Univ.dmg (Universal): http://support.apple.com/downloads/Security_Update_2009_001__Server_Universal_
Apple Mac OS X 10.5.6
- Apple SecUpd2009-001.dmg: http://support.apple.com/downloads/Security_Update_2009_001__Leopard_
References
References:
- Fetchmail Home Page (Fetchmail)
- fetchmail-SA-2007-02: Crash when a local warning message is rejected (Fetchmail)