Merge branch 'common-6x' into legacy_63

[~andy/fetchmail] / fetchmail-SA-2010-01.txt

diff --git a/fetchmail-SA-2010-01.txt b/fetchmail-SA-2010-01.txt
index 53168349bda4ab1787ece9bd4e6b45fdb3ae335e..d62764120ff2b556d82d94084443e5661c7d8191 100644 (file)
--- a/fetchmail-SA-2010-01.txt
+++ b/fetchmail-SA-2010-01.txt
@@ -1,16 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 fetchmail-SA-2010-01: Heap overrun in verbose SSL cert' info display.
 
 Topics:                Heap overrun in verbose SSL certificate information display.
 
 Author:                Matthias Andree
 Version:       1.0
-Announced:
+Announced:     2010-02-05
 Type:          malloc() Buffer overrun with printable characters
 Impact:                Code injection (difficult).
 Danger:                low
-CVSSv2 vectors:
 
-CVE Name:
+CVE Name:      CVE-2010-0562
+CVSSv2:                (AV:N/AC:H/Au:N/C:N/I:C/A:P/E:U/RL:O/RC:C) proposed
 URL:           http://www.fetchmail.info/fetchmail-SA-2010-01.txt
 Project URL:   http://www.fetchmail.info/
 
@@ -19,12 +22,16 @@ Affects:    fetchmail releases 6.3.11, 6.3.12, and 6.3.13
 Not affected:  fetchmail release 6.3.14 and newer
 
 Corrected:     2010-02-04 fetchmail SVN (r5467)
+                          Git (f1c7607615ebd48807db6170937fe79bb89d47d4)
+               2010-02-05 fetchmail release 6.3.14
 
 
 0. Release history
 ==================
 
-2010-02-04 0.1 first draft (visible in SVN)
+2010-02-04 0.1 first draft (visible in SVN and through oss-security)
+2010-02-05 1.0 fixed signed/unsigned typo (found by Nico Golde)
+2010-02-09 1.1 added CVE/CVSS, Announced: date
 
 
 1. Background
@@ -50,14 +57,14 @@ buffer overrun because non-printing characters are escaped as
 \xFF..FFnn, where nn is 80..FF in hex.
 
 This might be exploitable to inject code if
-- fetchmail is run in verbose mode
+- - fetchmail is run in verbose mode
 AND
-- the host running fetchmail considers char unsigned
+- - the host running fetchmail considers char signed
 AND
-- the server uses malicious certificates with non-printing characters
+- - the server uses malicious certificates with non-printing characters
   that have the high bit set
 AND
-- these certificates manage to inject shell-code that consists purely of
+- - these certificates manage to inject shell-code that consists purely of
   printable characters.
 
 It is believed to be difficult to achieve all this.
@@ -115,16 +122,23 @@ or strip them manually. You may want to use the "-p1" flag to patch.
 Whitespace differences can usually be ignored by invoking "patch -l",
 so try this if the patch does not apply.
 
---- a/sdump.c
+- --- a/sdump.c
 +++ b/sdump.c
 @@ -36,7 +36,7 @@ char *sdump(const char *in, size_t len)
        if (isprint((unsigned char)in[i])) {
            *(oi++) = in[i];
        } else {
--          oi += sprintf(oi, "\\x%02X", in[i]);
+- -        oi += sprintf(oi, "\\x%02X", in[i]);
 +          oi += sprintf(oi, "\\x%02X", (unsigned char)in[i]);
        }
      }
      *oi = '\0';
 
 END OF fetchmail-SA-2010-01.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.12 (GNU/Linux)
+
+iEYEARECAAYFAktxLWcACgkQvmGDOQUufZUGBQCg8AU5mXRaGBo+tETsGYjFX10m
+6SYAnA6IVIeoTjKvspD8BnLLd0yGU2iw
+=b7ry
+-----END PGP SIGNATURE-----