To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: Linux: fetchmail at-sign buffer overflow vulnerability
Advisory number: CSSA-2003-001.0
Issue date: 2003 January 09
Cross reference:
________________________________________________________________________
______

1. Problem Description

Heap-based buffer overflow in fetchmail does not account for the
"@" character when determining buffer lengths for local addresses,
which allows remote attackers to execute arbitrary code via a
header with a large number of local addresses.

2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1 Server prior to fetchmail-6.1.0-4.i386.rpm

OpenLinux 3.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm

3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.

4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPM
S

4.2 Packages

6035679560eb91ad57ec143469744f6f fetchmail-6.1.0-4.i386.rpm

4.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/SRP
MS

4.5 Source Packages

8324bf38216402b13657e3a137c04f52 fetchmail-6.1.0-4.src.rpm

5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.
0/RPMS

5.2 Packages

f1205c6cfa4d5a2205eb5596fc3b3efd fetchmail-6.1.0-4.i386.rpm

5.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.
0/SRPMS

5.5 Source Packages

6bbd2ab3ca320deb7e6bb6255f02c0ee fetchmail-6.1.0-4.src.rpm

6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/RPMS

6.2 Packages

f889dbefab6282e17225e98cc8ee9f85 fetchmail-6.1.0-4.i386.rpm

6.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/SRPMS

6.5 Source Packages

c86a332f4ad72cdd118c111167634c58 fetchmail-6.1.0-4.src.rpm

7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/
RPMS

7.2 Packages

ed4c33e63e1c430202125ab1f9e9e94c fetchmail-6.1.0-4.i386.rpm

7.3 Installation

rpm -Fvh fetchmail-6.1.0-4.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/
SRPMS

7.5 Source Packages

1cb257a1a13481b518fa3ef0016cef4c fetchmail-6.1.0-4.src.rpm

8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
http://security.e-matters.de/advisories/052002.html

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr872719, fz526873,
erg712185.

9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.

10. Acknowledgements

Stefan Esser <s.esser (at) e-matters (dot) de [email concealed]> discovered and researched
this vulnerability.

________________________________________________________________________
______

[ reply ]