Fetchmail Debug Mode With Multichar Locale Remote Denial of Service Vulnerability

BID:39556

Info

Bugtraq ID: 39556
Class: Design Error
CVE: CVE-2010-1167
Remote: Yes
Local: No
Published: Apr 19 2010 12:00AM
Updated: Jun 07 2011 11:40AM
Credit: Matthias Andree
Vulnerable: Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux x86_64 -current
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
MandrakeSoft Linux Mandrake 2010.1 x86_64
MandrakeSoft Linux Mandrake 2010.1
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Eric Raymond Fetchmail 6.3.16
Eric Raymond Fetchmail 6.3.13
Eric Raymond Fetchmail 6.3.12
Eric Raymond Fetchmail 6.3.11
Eric Raymond Fetchmail 6.3.10
Eric Raymond Fetchmail 6.3.9
Eric Raymond Fetchmail 6.3.8
Eric Raymond Fetchmail 6.3.7
Eric Raymond Fetchmail 6.3.6
Eric Raymond Fetchmail 6.3.5
Eric Raymond Fetchmail 6.3.4
Eric Raymond Fetchmail 6.3.3
Eric Raymond Fetchmail 6.3.2 rc4
Eric Raymond Fetchmail 6.3.2 rc3
Eric Raymond Fetchmail 6.3.2 rc2
Eric Raymond Fetchmail 6.3.2
Eric Raymond Fetchmail 6.3.1 -rc1
Eric Raymond Fetchmail 6.3.1
Eric Raymond Fetchmail 6.3 .0
Eric Raymond Fetchmail 6.3
Eric Raymond Fetchmail 6.2.9 -rc6
Eric Raymond Fetchmail 6.2.6 -pre7
Eric Raymond Fetchmail 6.2.5 .5
Eric Raymond Fetchmail 6.2.5 .4
Eric Raymond Fetchmail 6.2.5 .2
Eric Raymond Fetchmail 6.2.5 .1
Eric Raymond Fetchmail 6.2.5
Eric Raymond Fetchmail 6.2.4
Eric Raymond Fetchmail 6.2.2
Eric Raymond Fetchmail 6.2 .0
Eric Raymond Fetchmail 6.1.3
+ OpenPKG OpenPKG Current
Eric Raymond Fetchmail 6.1 .0
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Single Network Firewall 7.2
Eric Raymond Fetchmail 6.0 .0
Eric Raymond Fetchmail 5.9.14
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Eric Raymond Fetchmail 5.9.13
Eric Raymond Fetchmail 5.9.12
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
Eric Raymond Fetchmail 5.9.11
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Eric Raymond Fetchmail 5.9.10
Eric Raymond Fetchmail 5.9.9
Eric Raymond Fetchmail 5.9.8
Eric Raymond Fetchmail 5.9.7
Eric Raymond Fetchmail 5.9.6
Eric Raymond Fetchmail 5.9.5
+ OpenPKG OpenPKG 1.0
Eric Raymond Fetchmail 5.9.4
Eric Raymond Fetchmail 5.9.3
Eric Raymond Fetchmail 5.9.2
Eric Raymond Fetchmail 5.9.1
Eric Raymond Fetchmail 5.9 .0
Eric Raymond Fetchmail 5.8.17
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
Eric Raymond Fetchmail 5.8.16
Eric Raymond Fetchmail 5.8.15
Eric Raymond Fetchmail 5.8.14
Eric Raymond Fetchmail 5.8.13
Eric Raymond Fetchmail 5.8.12
Eric Raymond Fetchmail 5.8.11
Eric Raymond Fetchmail 5.8.10
Eric Raymond Fetchmail 5.8.9
Eric Raymond Fetchmail 5.8.8
Eric Raymond Fetchmail 5.8.7
Eric Raymond Fetchmail 5.8.6
- Apple Mac OS X 10.1
Eric Raymond Fetchmail 5.8.5
Eric Raymond Fetchmail 5.8.4
Eric Raymond Fetchmail 5.8.3
Eric Raymond Fetchmail 5.8.2
Eric Raymond Fetchmail 5.8.1
Eric Raymond Fetchmail 5.8 .0
+ S.u.S.E. Linux 7.2
Eric Raymond Fetchmail 5.7.4
- MandrakeSoft Linux Mandrake 8.0
Eric Raymond Fetchmail 5.7.3
Eric Raymond Fetchmail 5.7.2
Eric Raymond Fetchmail 5.7.1
- Debian Linux 2.3
Eric Raymond Fetchmail 5.7
Eric Raymond Fetchmail 5.6.8
Eric Raymond Fetchmail 5.6.7
Eric Raymond Fetchmail 5.6.6
Eric Raymond Fetchmail 5.6.5
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
Eric Raymond Fetchmail 5.6.4
Eric Raymond Fetchmail 5.6.3
Eric Raymond Fetchmail 5.6.2
Eric Raymond Fetchmail 5.6.1
Eric Raymond Fetchmail 5.6
Eric Raymond Fetchmail 5.5.6
Eric Raymond Fetchmail 5.5.5
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
Eric Raymond Fetchmail 5.5.4
Eric Raymond Fetchmail 5.5.3
Eric Raymond Fetchmail 5.5.2
Eric Raymond Fetchmail 5.5.1
Eric Raymond Fetchmail 5.5
Eric Raymond Fetchmail 5.4.5
Eric Raymond Fetchmail 5.4.4
Eric Raymond Fetchmail 5.4.3
Eric Raymond Fetchmail 5.4.2
Eric Raymond Fetchmail 5.4.1
Eric Raymond Fetchmail 5.4 .0
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ EnGarde Secure Linux 1.0.1
- Guardian Digital Engarde Secure Linux 1.0.1
Eric Raymond Fetchmail 5.3.8
Eric Raymond Fetchmail 5.3.7
Eric Raymond Fetchmail 5.3.6
Eric Raymond Fetchmail 5.3.5
Eric Raymond Fetchmail 5.3.4
Eric Raymond Fetchmail 5.3.3
Eric Raymond Fetchmail 5.3.2
Eric Raymond Fetchmail 5.3.1
- Immunix Immunix OS 6.2
Eric Raymond Fetchmail 5.3
Eric Raymond Fetchmail 5.2
Eric Raymond Fetchmail 5.1
Eric Raymond Fetchmail 5.0
- Caldera OpenLinux 2.3
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Conectiva Linux 4.0 es
- Conectiva Linux 4.0
- SCO eServer 2.3
Eric Raymond Fetchmail 4.6.8
Eric Raymond Fetchmail 4.6.7
Eric Raymond Fetchmail 6.3.6-rc4
Eric Raymond Fetchmail 6.3.6-rc3
Eric Raymond Fetchmail 6.3.6-rc2
Eric Raymond Fetchmail 6.3.6-rc1
Eric Raymond Fetchmail 6.3.2 rc1
Not Vulnerable: Sun OpenSolaris snv_111b
Eric Raymond Fetchmail 6.3.17

Discussion

Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Fetchmail versions 4.6.3 up to and including 6.3.16 are vulnerable.

Exploit / POC

Attackers can use a browser to exploit this issue.

Solution / Fix

Solution:
Updates are available. Please see the references for more information.


Slackware Linux 12.2

MandrakeSoft Linux Mandrake 2009.0 x86_64

Slackware Linux x86_64 -current

MandrakeSoft Enterprise Server 5

Slackware Linux 13.0 x86_64

MandrakeSoft Linux Mandrake 2009.0

Slackware Linux 11.0

Slackware Linux 12.0

Slackware Linux -current

Slackware Linux 10.0

Slackware Linux 10.1

Slackware Linux 10.2

MandrakeSoft Corporate Server 4.0 x86_64

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1

References

References: