
Bug 191154

Summary: net-mail/fetchmail < 6.3.9 NULL pointer dereference DOS (CVE-2007-4565)
Product: Gentoo Linux
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Current packages
Assignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-03 13:52:51 UTC
"fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP." (From CVE)

Fetchmail 6.3.9 was released on 28.08.

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-09-03 14:07:17 UTC
client-side DoS, no security impact, reassigning to maintainer.

Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-09-03 14:34:08 UTC
fixed in 2.3.8-r1, thanks