FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- null pointer dereference in multidrop mode with headerless email

Affected packages
fetchmail < 6.3.1

Details

VuXML ID f7eb0b23-7099-11da-a15c-0060084a00e5
Discovery 2005-12-19
Entry 2005-12-19

The fetchmail team reports:

Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as "previously fetched", it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.

References

CVE Name CVE-2005-4348
URL http://article.gmane.org/gmane.mail.fetchmail.user/7573
URL http://bugs.debian.org/343836
URL http://www.fetchmail.info/fetchmail-SA-2005-03.txt