Rapid7 Vulnerability & Exploit Database

SUSE-SA:2003:001: fetchmail

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2003:001: fetchmail

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

01/02/2003

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

Solution(s)

References

https://attackerkb.com/topics/cve-2002-1365
6390
CSSA-2003-001.0
CLA-2002:554
CVE - 2002-1365
DSA-216
MDKSA-2003:011
RHSA-2002:293
RHSA-2002:294
RHSA-2003:155
http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
http://security.e-matters.de/advisories/052002.html
http://www.novell.com/linux/security/advisories/2003_001_fetchmail.html
http://www.redhat.com/support/errata/RHSA-2002-293.html
http://www.securityfocus.com/bid/6390/
10839

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;