• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Fetchmail Failed Warning Message Remote Denial of Service Vulnerability

Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the references for more information.

The following patch is available from the vendor and can be used until the official Fetchmail 6.3.9 has been released:

Index: sink.c
===================================================================
--- sink.c (revision 5118)
+++ sink.c (revision 5119)
@@ -262,7 +262,7 @@
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";

/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)


Apple Mac OS X 10.4.11

• Apple SecUpd2009-001Intel.dmg
  for Intel
  http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Int el_


• Apple SecUpd2009-001PPC.dmg
  for PPC
  http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC _

Apple Mac OS X Server 10.4.11

• Apple SecUpdSrvr2009-001PPC.dmg
  for PPC
  http://support.apple.com/downloads/Security_Update_2009_001__Server_Ti ger_PPC_


• Apple SecUpdSrvr2009-001Univ.dmg
  Universal
  http://support.apple.com/downloads/Security_Update_2009_001__Server_Un iversal_

Apple Mac OS X 10.5.6

• Apple SecUpd2009-001.dmg
  http://support.apple.com/downloads/Security_Update_2009_001__Leopard_