Re: [RHSA-2002:047-10] Updated fetchmail packages available

From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)
Date: 05/31/02


To: bugtraq@securityfocus.com
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Fri, 31 May 2002 15:39:41 +0200

bugzilla@redhat.com writes:

> Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
> 7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched
> versions of fetchmail prior to 5.9.10.

It appears that this vulnerability is caused by some alloca()
implementations which do not return zero if the caller requests more
memory than which is available.

Red Hat's patch does not address the root of the problem by fixing
alloca() (a problem which might be of more generic nature and could
well be present in other software as well), but it bounds the
requested memory by something which appears to be a rather arbitrary
constant.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898