Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

Related bugs and status

CVE-2010-1167 (Candidate) is related to these bugs:

Bug #557467: Lucid fetchmail version way outdated and buggy

Summary				In	Importance	Status
	557467	Lucid fetchmail version way outdated and buggy		fetchmail (Ubuntu)	High	Won't Fix
	557467	Lucid fetchmail version way outdated and buggy		fetchmail (Ubuntu Lucid)	High	Won't Fix

Bug #566636: fetchmail denial of service in multibyte locales

Summary				In	Importance	Status
	566636	fetchmail denial of service in multibyte locales		fetchmail (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://www.mandriva.co...
MISC: http://developer.berli...
MISC: http://www.fetchmail.i...