• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Eric S. Raymond Fetchmail Multidrop Mode Email Header Parsing Heap Overflow Vulnerability

A remotely exploitable heap overflow vulnerability has been reported for Fetchmail 6.0.0 and earlier. The vulnerability occurs in the function which is used to parse email headers. This vulnerability affects Fetchmail in multidrop mode and will cause Fetchmail to corrupt heap memory with attacker-supplied values.

An attacker may exploit this condition to overwrite arbitrary words in memory. This may allow for the execution of arbitrary code.