
Eric S. Raymond Fetchmail Heap Corruption Vulnerability

A remotely exploitable heap overflow vulnerability has been reported for Fetchmail 6.1.3 and earlier. The vulnerability occurs when Fetchmail performs a reply-hack action, in which all addresses in email headers are searched for local email addresses. Fetchmail then allocates enough space for the case in which all addresses are local. Due to a flaw in this calculation, the allocated space is insufficient.

An attacker can exploit this vulnerability by composing an email with specially crafted header lines and sending it to the vulnerable system. When Fetchmail attempts to parse the headers, it allocates insufficient space and corrupts heap memory with attacker-supplied values.

An attacker may exploit this condition to overwrite arbitrary words in memory. This may allow for the execution of arbitrary code.
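The sizing problem described above, as an added C example that is not Fetchmail's code: it computes the worst-case buffer for qualifying local addresses and checks every write against it. The comma-only address grammar, all function names and the undersized `naive_size` estimate are assumptions for illustration; the advisory does not detail the actual miscalculation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified grammar: addresses separated by ',' with no
   display names, comments or quoting. An address without '@' is "local". */
static size_t count_addrs(const char *hdr) {
    size_t n = 1;
    for (; *hdr; hdr++) if (*hdr == ',') n++;
    return n;
}

/* Hypothetical undersized estimate: forgets the '@' added per address. */
size_t naive_size(const char *hdr, const char *host) {
    return strlen(hdr) + count_addrs(hdr) * strlen(host) + 1;
}

/* Worst case: every address is local and grows by '@' + host.
   Returns 0 if the arithmetic would wrap. */
size_t worst_case_size(const char *hdr, const char *host) {
    size_t base = strlen(hdr) + 1, per = strlen(host) + 1;
    size_t n = count_addrs(hdr);
    if (n > (SIZE_MAX - base) / per) return 0;
    return base + n * per;
}

/* Returns a malloc'd rewritten header, or NULL on error. */
char *qualify_local(const char *hdr, const char *host) {
    size_t cap = worst_case_size(hdr, host), hl = strlen(host), o = 0;
    char *out = cap ? malloc(cap) : NULL;
    if (!out) return NULL;
    for (const char *p = hdr;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int local = len > 0 && memchr(p, '@', len) == NULL;
        size_t need = len + (local ? hl + 1 : 0) + (end ? 1 : 0);
        /* Every write is checked against cap, so a sizing bug fails closed. */
        if (need + 1 > cap - o) { free(out); return NULL; }
        memcpy(out + o, p, len); o += len;
        if (local) { out[o++] = '@'; memcpy(out + o, host, hl); o += hl; }
        if (!end) break;
        out[o++] = ',';
        p = end + 1;
    }
    out[o] = '\0';
    return out;
}
```

With an all-local header the rewritten string fills the worst-case buffer exactly, which is why an estimate that is short by even one byte per address writes past the allocation unless each copy is bounds-checked.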







 

Copyright 2008, SecurityFocus