Linux Today: Linux News On Internet Time.

EnGarde Secure Linux Security Advisory: fetchmail-ssl memory overwrite vulnerability

Aug 17, 2001, 04:20 (0 Talkback[s])
Date: Thu, 16 Aug 2001 09:35:38 -0400 (EDT)
From: EnGarde Secure Linux <security@guardiandigital.com>
Subject: [ESA-20010816-01] fetchmail-ssl memory overwrite vulnerability

| EnGarde Secure Linux Security Advisory                 August 16, 2001 |
| http://www.engardelinux.org/                           ESA-20010816-01 |
|                                                                        |
| Package:  fetchmail-ssl                                                |
| Summary:  fetchmail-ssl contains a memory overwrite vulnerability.     |

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

- --------
  There is a remotely exploitable memory overwrite vulnerability in the
  fetchmail-ssl package.  An exploit is known to exist.

- ------
  While doing a routine security audit of the fetchmail package (named
  "fetchmail-ssl" in EnGarde), Salvatore Sanfilippo found two remotely
  exploitable bugs in both the imap and pop3 code.  Lack of bounds
  checking may allow an attacker to write arbitrary data into memory.

  The attacker must have control of the mail server the client (using
  fetchmail) is attempting to contact in order to exploit this

- --------
  All users should upgrade to the most recent version, as outlined in
  this advisory.

  Guardian Digital recently made available the Guardian Digital Secure
  Update, a means to proactively keep systems secure and manage 
  system software. EnGarde users can automatically update their system
  using the Guardian Digital WebTool secure interface.

  If choosing to manually upgrade this package, updates can be
  obtained from:


  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>

- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

      MD5 Sum:  31f14d5c99dbfd6c61178e2e831362db

  Binary Packages:

      MD5 Sum:  244840700bfbb09078ff246791ae49a3

      MD5 Sum:  03e5c25d5ba62f4370c1e234f1b3b5dd

- ----------

  Guardian Digital's public key:

  Credit for the discovery of this bug goes to:
    Salvatore Sanfilippo 

  fetchmail's Official Web Site:

  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20010816-01-fetchmail-ssl,v 1.1 2001/08/16 13:12:17 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2001, Guardian Digital, Inc.