Date: Thu, 9 Jan 2003 11:55:25 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2003-001.0] Linux: fetchmail at-sign buffer overflow vulnerability
--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@li=
nuxsecurity.com full-disclosure@lists.netsys.com
___________________________________________________________________________=
___
SCO Security Advisory
Subject: Linux: fetchmail at-sign buffer overflow vulnerability=20
Advisory number: CSSA-2003-001.0
Issue date: 2003 January 09
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
Heap-based buffer overflow in fetchmail does not account for the
"@" character when determining buffer lengths for local addresses,
which allows remote attackers to execute arbitrary code via a
header with a large number of local addresses.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to fetchmail-6.1.0-4.i386.rpm
OpenLinux 3.1.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm
OpenLinux 3.1 Server prior to fetchmail-6.1.0-4.i386.rpm
OpenLinux 3.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPMS
4.2 Packages
6035679560eb91ad57ec143469744f6f fetchmail-6.1.0-4.i386.rpm
4.3 Installation
rpm -Fvh fetchmail-6.1.0-4.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/SRPMS
4.5 Source Packages
8324bf38216402b13657e3a137c04f52 fetchmail-6.1.0-4.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/=
RPMS
5.2 Packages
f1205c6cfa4d5a2205eb5596fc3b3efd fetchmail-6.1.0-4.i386.rpm
5.3 Installation
rpm -Fvh fetchmail-6.1.0-4.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/=
SRPMS
5.5 Source Packages
6bbd2ab3ca320deb7e6bb6255f02c0ee fetchmail-6.1.0-4.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/RPMS
6.2 Packages
f889dbefab6282e17225e98cc8ee9f85 fetchmail-6.1.0-4.i386.rpm
6.3 Installation
rpm -Fvh fetchmail-6.1.0-4.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/SRPMS
6.5 Source Packages
c86a332f4ad72cdd118c111167634c58 fetchmail-6.1.0-4.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/RP=
MS
7.2 Packages
ed4c33e63e1c430202125ab1f9e9e94c fetchmail-6.1.0-4.i386.rpm
7.3 Installation
rpm -Fvh fetchmail-6.1.0-4.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/SR=
PMS
7.5 Source Packages
1cb257a1a13481b518fa3ef0016cef4c fetchmail-6.1.0-4.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-1365http://security.e-matters.de/advisories/052002.html=09
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr872719, fz526873,
erg712185.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
Stefan Esser <s.esser@e-matters.de> discovered and researched
this vulnerability.
___________________________________________________________________________=
___
--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj4d060ACgkQbluZssSXDTFDJACeMrssdV7I0qpUd9+N/X2mN+QN
PeMAoMrhNR86H/NG3KDg7DaqFAjc9lEx
=wIHI
-----END PGP SIGNATURE-----
--jRHKVT23PllUwdXP--
