Fetchmail POP3 Reply Signed Integer Index Vulnerability

Fetchmail is a unix utility for downloading email from mail servers via POP3.

Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a remotely supplied signed integer value as the index to an array when writing data to memory.

It is be possible for attackers to overwrite critical variables in memory with arbitrary values if the target client's POP3 server can be impersonated. Successful exploitation can lead to the exectution of arbitrary code on the client host.


 

Privacy Statement
Copyright 2010, SecurityFocus