fetchmail-SA-2006-03: crash when refusing message delivered through MDA

Topics: fetchmail crashes when refusing a message to an MDA

Author: Matthias Andree
Type: denial of service
Impact: fetchmail aborts prematurely
Credits: Neil Hoggarth (bug report and analysis)
CVE Name: CVE-2006-5974
URL: http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
Project URL: http://fetchmail.berlios.de/

Affects: fetchmail release = 6.3.5
         fetchmail release candidates 6.3.6-rc1, -rc2

Not affected: fetchmail release 6.3.6

Corrected: 2006-11-14 fetchmail SVN

2006-11-19 internal review draft

fetchmail is a software package to retrieve mail from remote POP2, POP3,
IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents.

fetchmail ships with a graphical, Python/Tkinter based configuration
utility named "fetchmailconf" to help the user create configuration (run
control) files for fetchmail.

2. Problem description and Impact
=================================

Fetchmail 6.3.5 and early 6.3.6 release candidates, when delivering
messages to a message delivery agent by means of the "mda" option, can
crash (by passing a NULL pointer to ferror() and fflush()) when refusing
a message. SMTP and LMTP delivery modes aren't affected.

Avoid the mda option and ship to a local SMTP or LMTP server instead.

Download and install fetchmail 6.3.6 or a newer stable release from
fetchmail's project site at
<http://developer.berlios.de/project/showfiles.php?group_id=1824>.

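The following is an added example, not part of the original advisory or of
fetchmail itself: a shell check that reports whether a host matches the
condition described above (an affected release combined with the "mda"
option in the run control file). The function names, the bare version
argument (e.g. "6.3.5", supplied by the caller) and the sample rc file are
assumptions.

```shell
#!/bin/sh
# Added example: exposure check for fetchmail-SA-2006-03 (CVE-2006-5974).
# All function names and the sample rc file below are hypothetical.

# Affected per the advisory: release 6.3.5, candidates 6.3.6-rc1 and -rc2.
version_affected() {
    case "$1" in
        6.3.5|6.3.6-rc1|6.3.6-rc2) return 0 ;;
        *) return 1 ;;
    esac
}

# Heuristic: the rc file has the "mda" keyword outside a '#' comment.
# Limits: a '#' inside a quoted string is treated as a comment start, and
# an MDA supplied on the fetchmail command line is not seen here.
rc_uses_mda() {
    sed 's/#.*$//' "$1" | grep -Eq '(^|[[:space:]])mda([[:space:]]|$)'
}

# Prints one of: exposed, affected-version-no-mda, not-affected
sa_2006_03_status() {
    if ! version_affected "$1"; then
        echo "not-affected"
    elif rc_uses_mda "$2"; then
        echo "exposed"
    else
        echo "affected-version-no-mda"
    fi
}

# Constructed sample run control file (not taken from the advisory).
demo_rc=$(mktemp)
printf '%s\n' 'poll pop.example.org protocol pop3' \
    '  user "alice" mda "/usr/bin/procmail -d %T"' > "$demo_rc"
sa_2006_03_status 6.3.5 "$demo_rc"   # release listed under "Affects"
sa_2006_03_status 6.3.6 "$demo_rc"   # release listed under "Not affected"
rm -f "$demo_rc"
```

A result of "affected-version-no-mda" corresponds to the workaround state:
the release is one of the affected ones, but delivery does not go through
an MDA configured in the rc file.
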
A. Copyright, License and Warranty
==================================

(C) Copyright 2006 by Matthias Andree, <matthias.andree@gmx.de>.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END OF fetchmail-SA-2006-03.txt