Security Update: [CSSA-2003-001.0] Linux: fetchmail at-sign buffer overflow vulnerability

From: security@caldera.com
Date: 01/09/03

Next message: Dirk Van Droogenbroeck: "WebIntelligence session hijacking vulnerability"

Previous message: Kaspar Brand: "Re: Opentype font file causes Windows to restart."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com
From: security@caldera.com
Date: Thu, 9 Jan 2003 11:55:25 -0800

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: fetchmail at-sign buffer overflow vulnerability
Advisory number: CSSA-2003-001.0
Issue date: 2003 January 09
Cross reference:
______________________________________________________________________________

1. Problem Description

        Heap-based buffer overflow in fetchmail does not account for the
        "@" character when determining buffer lengths for local addresses,
        which allows remote attackers to execute arbitrary code via a
        header with a large number of local addresses.

2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1 Server prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm

3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.

4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPMS

4.2 Packages

6035679560eb91ad57ec143469744f6f fetchmail-6.1.0-4.i386.rpm

4.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/SRPMS

4.5 Source Packages

8324bf38216402b13657e3a137c04f52 fetchmail-6.1.0-4.src.rpm

5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/RPMS

5.2 Packages

f1205c6cfa4d5a2205eb5596fc3b3efd fetchmail-6.1.0-4.i386.rpm

5.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/SRPMS

5.5 Source Packages

6bbd2ab3ca320deb7e6bb6255f02c0ee fetchmail-6.1.0-4.src.rpm

6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/RPMS

6.2 Packages

f889dbefab6282e17225e98cc8ee9f85 fetchmail-6.1.0-4.i386.rpm

6.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/SRPMS

6.5 Source Packages

c86a332f4ad72cdd118c111167634c58 fetchmail-6.1.0-4.src.rpm

7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/RPMS

7.2 Packages

ed4c33e63e1c430202125ab1f9e9e94c fetchmail-6.1.0-4.i386.rpm

7.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/SRPMS

7.5 Source Packages

1cb257a1a13481b518fa3ef0016cef4c fetchmail-6.1.0-4.src.rpm

8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
http://security.e-matters.de/advisories/052002.html

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr872719, fz526873,
erg712185.

9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

10. Acknowledgements

Stefan Esser <s.esser@e-matters.de> discovered and researched
this vulnerability.

______________________________________________________________________________

application/pgp-signature attachment: stored

Next message: Dirk Van Droogenbroeck: "WebIntelligence session hijacking vulnerability"
Previous message: Kaspar Brand: "Re: Opentype font file causes Windows to restart."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes
... Cross reference: ... OpenLinux Workstation 3.1 All packages previous to ... Installing Fixed Packages ...
(Bugtraq)
QUESTION - RE: [Full-Disclosure] Security Update: [CSSA-2002-035.0] Linux: local off by one in cvsd
... Cross reference: ... OpenLinux 3.1.1 Workstation ... OpenLinux 3.1 Server ... OpenLinux 3.1 Workstation ...
(Full-Disclosure)
Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows
... Cross reference: ... OpenLinux 3.1 Server ... Highspeed Junkie discovered ...
(Bugtraq)
Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system
... Cross reference: ... OpenLinux Workstation 3.1 All packages previous to ... The proper solution is to upgrade to the latest packages. ...
(Bugtraq)
Security Update: [CSSA-2002-010.0] Linux: ftp vulnerability in squid
... Cross reference: ... OpenLinux Workstation 3.1 All packages previous to ... The proper solution is to upgrade to the latest packages. ...
(Bugtraq)