FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- potential crash in -v -v verbose mode

Affected packages
fetchmail < 6.3.8_6

Details

VuXML ID 168190df-3e9a-11dd-87bc-000ea69a5213
Discovery 2008-06-13
Entry 2008-06-20

Matthias Andree reports:

Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation, fetchmail would resize the buffer and fill in further parts of the message, but forget to reinitialize its va_list typed source pointer, thus reading data from a garbage address found on the stack at addresses above the function arguments the caller passed in; usually that would be the caller's stack frame.

References

CVE Name CVE-2008-2711
URL http://www.fetchmail.info/fetchmail-SA-2008-01.txt