
Vigil@nce: fetchmail, buffer overflow in verbose mode

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

When fetchmail is used in verbose mode, an attacker can create an
X.509 certificate with special characters, in order to generate a
buffer overflow.

Severity: 2/4

Consequences: denial of service of client

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: medium (2/3)

Creation date: 04/02/2010

IMPACTED PRODUCTS

 Unix - platform

DESCRIPTION OF THE VULNERABILITY

The fetchmail program downloads emails from a POP or IMAP server.
The protocol can be encapsulated in SSL.

When fetchmail is used in verbose mode (-vv or -vvv), it calls the
sdump() function to display X.509 certificates. This function
stores the characters of the certificate name in an array, in
hexadecimal format.

However, if the value of a character is greater than 127 (for
example 233), it is displayed in the signed format (for example
"\xFFFFFFE9") instead of the unsigned format ("\xE9"). The
resulting string is thus too long and overflows the array.

When fetchmail is used in verbose mode, an attacker can therefore
create an X.509 certificate with special characters, in order to
generate a buffer overflow, leading to a denial of service and
possibly to code execution.
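
The length difference described above can be measured with the following added example, which is not fetchmail's sdump() code. The function escape_name(), the sample bytes, the four-characters-per-byte buffer sizing and a 32-bit int are assumptions made for illustration; the escaper is bounded, so the flawed formatting is truncated here instead of overflowing.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Escape len bytes of in into out (capacity cap, NUL-terminated when cap > 0).
 * Returns the length the complete escaped string needs, like snprintf().
 * sign_extend != 0 reproduces the flawed formatting, 0 the corrected one. */
static size_t escape_name(const unsigned char *in, size_t len,
                          char *out, size_t cap, int sign_extend)
{
    size_t need = 0;
    if (cap > 0)
        out[0] = '\0';
    for (size_t i = 0; i < len; i++) {
        char piece[16];
        int n;
        if (in[i] < 128 && isprint(in[i])) {
            n = snprintf(piece, sizeof piece, "%c", in[i]);
        } else if (sign_extend) {
            /* Flaw: the byte sits in a signed char and becomes a negative int. */
            signed char c = (signed char)in[i];
            n = snprintf(piece, sizeof piece, "\\x%02X", (unsigned int)(int)c);
        } else {
            /* Fix: format the value as unsigned, never more than two hex digits. */
            n = snprintf(piece, sizeof piece, "\\x%02X", (unsigned int)in[i]);
        }
        if (need + (size_t)n < cap)          /* write only while it still fits */
            memcpy(out + need, piece, (size_t)n + 1);
        need += (size_t)n;
    }
    return need;
}

/* Constructed sample: four Latin-1 bytes above 127, starting with 233 (0xE9). */
static const unsigned char SAMPLE[] = { 0xE9, 0xE8, 0xE0, 0xFC };

int main(void)
{
    char buf[4 * sizeof SAMPLE + 1];         /* assumed sizing: "\xNN" per byte */
    size_t bad = escape_name(SAMPLE, sizeof SAMPLE, buf, sizeof buf, 1);
    printf("flawed: needs %zu of %zu, kept \"%s\"\n", bad + 1, sizeof buf, buf);
    size_t ok = escape_name(SAMPLE, sizeof SAMPLE, buf, sizeof buf, 0);
    printf("fixed:  needs %zu of %zu, kept \"%s\"\n", ok + 1, sizeof buf, buf);
    return 0;
}
```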

CHARACTERISTICS

Identifiers: BID-38088, CVE-2010-0562, fetchmail-SA-2010-01,
VIGILANCE-VUL-9408

http://vigilance.fr/vulnerability/fetchmail-buffer

