+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
fetchmail-SA-2007-02: Crash when a local warning message is rejected
Topics: Crash when a fetchmail-generated warning message is rejected
Credits: Earl Chew
CVE Name: CVE-2007-4565
-URL: http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt
-Project URL: http://fetchmail.berlios.de/
+URL: http://www.fetchmail.info/fetchmail-SA-2007-02.txt
+Project URL: http://www.fetchmail.info/
Affects: fetchmail release < 6.3.9 exclusively
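Review bot: The clearsign header added at the top of the file declares "Hash: SHA1", so the integrity of the re-signed advisory rests on a SHA-1 digest. Consider re-signing with a SHA-2 digest, for example gpg --digest-algo SHA256 --clearsign, so that the header reads "Hash: SHA256".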
is restarted.
Risk assessment: low. In default configuration, fetchmail will talk
-through the loopback interface, that is to the SMTP listener on the same
+through the loopback interface, that means to the SMTP server on the same
computer as it is running on. Otherwise, it will commonly be configured
-to talk to trusted SMTP servers, so a compromise of misconfiguration of
+to talk to trusted SMTP servers, so a compromise or misconfiguration of
a trusted or the same computer is required to exploit this problem -
which usually opens up much easier ways of denying service, or worse.
(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-NonCommercial-NoDerivs German License. To view a copy of
-this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
-or send a letter to Creative Commons; 559 Nathan Abbott Way;
-Stanford, California 94305; USA.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
+To view a copy of this license, visit
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
+
+Creative Commons
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
+USA
+
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.
-
B. Patch to remedy the problem
==============================
Index: sink.c
===================================================================
---- sink.c (revision 5118)
+- --- sink.c (revision 5118)
+++ sink.c (revision 5119)
@@ -262,7 +262,7 @@
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
-- if (!msg->return_path[0] ||
+- - if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
END OF fetchmail-SA-2007-02.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZWWKwCfX4Ri89SzzUcXYxughs1CdnAk
+Z6IAniD4DzayVUR6UxA5K1OqX1CUDOhM
+=+YME
+-----END PGP SIGNATURE-----
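Review bot: In section B the embedded sink.c patch is now dash-escaped by the clearsign wrapper ("- --- sink.c (revision 5118)" and "- - if (!msg->return_path[0] ||"), so it will not apply if someone copies it straight out of the signed text. Add a sentence ahead of the patch telling readers to verify and unwrap the advisory with gpg first, which strips the "- " escapes, or publish the sink.c diff as a separate file with a detached signature.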