1 fetchmail-SA-2007-02: Crash when warning message is rejected
3 Topics: Crash when fetchmail-generated warning message is rejected
5 Author: Matthias Andree
8 Type: NULL pointer dereference trigged by outside circumstances
9 Impact: denial of service possible
13 URL: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
14 Project URL: http://fetchmail.berlios.de/
16 Affects: fetchmail release < 6.3.9
18 Not affected: fetchmail release 6.3.9
20 Corrected: 2007-07-29 fetchmail SVN (rev 5119)
26 2007-07-29 1.0 first release
32 fetchmail is a software package to retrieve mail from remote POP2, POP3,
33 IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
34 message delivery agents.
36 fetchmail ships with a graphical, Python/Tkinter based configuration
37 utility named "fetchmailconf" to help the user create configuration (run
38 control) files for fetchmail.
41 2. Problem description and Impact
42 =================================
44 fetchmail will generated warning messages to the local postmaster or user in
45 certain circumstances, for instance when authentication fails.
47 If this warning message is refused by the SMTP listener that fetchmail is
48 talking to, fetchmail attempts to dereference a NULL pointer when trying to find
49 out if it should allow a bounce message to be sent.
55 Install fetchmail 6.3.9 or newer. The fetchmail source code is available from
56 <http://developer.berlios.de/project/showfiles.php?group_id=1824>.
59 A. Copyright, License and Warranty
60 ==================================
62 (C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>.
65 This work is licensed under the Creative Commons
66 Attribution-NonCommercial-NoDerivs German License. To view a copy of
67 this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
68 or send a letter to Creative Commons; 559 Nathan Abbott Way;
69 Stanford, California 94305; USA.
71 THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
72 Use the information herein at your own risk.
74 END OF fetchmail-SA-2007-02.txt