-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: Linux: fetchmail at-sign buffer overflow vulnerability Advisory number: CSSA-2003-001.0 Issue date: 2003 January 09 Cross reference: ______________________________________________________________________________ 1. Problem Description Heap-based buffer overflow in fetchmail does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to fetchmail-6.1.0-4.i386.rpm OpenLinux 3.1.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm OpenLinux 3.1 Server prior to fetchmail-6.1.0-4.i386.rpm OpenLinux 3.1 Workstation prior to fetchmail-6.1.0-4.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPMS 4.2 Packages 6035679560eb91ad57ec143469744f6f fetchmail-6.1.0-4.i386.rpm 4.3 Installation rpm -Fvh fetchmail-6.1.0-4.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/SRPMS 4.5 Source Packages 8324bf38216402b13657e3a137c04f52 fetchmail-6.1.0-4.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/RPMS 5.2 Packages f1205c6cfa4d5a2205eb5596fc3b3efd fetchmail-6.1.0-4.i386.rpm 5.3 Installation rpm -Fvh fetchmail-6.1.0-4.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-001.0/SRPMS 5.5 Source Packages 6bbd2ab3ca320deb7e6bb6255f02c0ee fetchmail-6.1.0-4.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/RPMS 6.2 Packages f889dbefab6282e17225e98cc8ee9f85 fetchmail-6.1.0-4.i386.rpm 6.3 Installation rpm -Fvh fetchmail-6.1.0-4.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-001.0/SRPMS 6.5 Source Packages c86a332f4ad72cdd118c111167634c58 fetchmail-6.1.0-4.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/RPMS 7.2 Packages ed4c33e63e1c430202125ab1f9e9e94c fetchmail-6.1.0-4.i386.rpm 7.3 Installation rpm -Fvh fetchmail-6.1.0-4.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-001.0/SRPMS 7.5 Source Packages 1cb257a1a13481b518fa3ef0016cef4c fetchmail-6.1.0-4.src.rpm 8. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365 http://security.e-matters.de/advisories/052002.html SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr872719, fz526873, erg712185. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements Stefan Esser discovered and researched this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj4dyroACgkQbluZssSXDTGN9QCfcxmgWnv7bv8hcjWVc/klAP3c FVMAniFWVuNJcVSvVNGOQfZt5YRlfxoe =7ouV -----END PGP SIGNATURE-----