tech-pkg: Fwd: Advisory 03/2002: Fetchmail remote vulnerabilities

Subject: Fwd: Advisory 03/2002: Fetchmail remote vulnerabilities
To: None <frueauf@netbsd.org>
From: Alan Post <apost@interwoven.com>
List: tech-pkg
Date: 09/30/2002 11:50:58

As seen on bugtraq today. Seems rather serious to me, as control of the mail
server is not required to exploit this.

The version of fetchmail in pkgsrc is 5.9.13.

Alan

From: Stefan Esser <s.esser@e-matters.de>
Newsgroups: gmane.comp.security.bugtraq
Subject: Advisory 03/2002: Fetchmail remote vulnerabilities
Date: 29 Sep 2002 11:44:50 +0200
User-Agent: Mutt/1.4i

      Advisory: Fetchmail remote vulnerabilities
  Release Date: 2002/09/29
 Last Modified: 2002/09/29
        Author: Stefan Esser [s.esser@e-matters.de]
   Application: Fetchmail <= 6.0.0
      Severity: Several vulnerabilities within Fetchmail could
                allow remote compromise.
          Risk: Critical
 Vendor Status: Vendor released version 6.1.0
     Reference: http://security.e-matters.de/advisories/032002.html

Overview:

 We have discovered several buffer overflows and a broken boundary check
 within Fetchmail. If Fetchmail is running in multidrop mode these flaws
 can be used by remote attackers to crash it or to execute arbitrary
 code with the permissions of the user running fetchmail. Depending on
 the configuration this allows a remote root compromise.
