Fetchmail Buffer Overflow Vulnerability

Fetchmail is a unix utility for downloading email from mail servers via POP.

Fetchmail contains a buffer overflow in its handling of email header information. If the 'To:' field is too large, fetchmail will overflow a local buffer.

It may be possible for remote attackers to create malicious emails that will cause execution of arbitrary code when processed by fetchmail.

Fetchmail often runs as root. If this vulnerability were exploited, it is likely that an attacker would gain root access on target clients.


 

Privacy Statement
Copyright 2010, SecurityFocus