USN-153-1: fetchmail vulnerability

26 July 2005

fetchmail vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Ross Boylan discovered a remote buffer overflow in fetchmail. By sending invalid responses with very long UIDs, a faulty or malicious POP server could crash fetchmail or execute arbitrary code with the privileges of the user invoking fetchmail.

fetchmail is commonly run as root to fetch mail for multiple user accounts; in this case, this vulnerability could be exploited to compromise the whole system.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
fetchmail
Ubuntu 4.10
fetchmail

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References