Vulnerabilities > CVE-2007-4565 - Remote Denial of Service vulnerability in Fetchmail Failed Warning Message

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
fetchmail
nessus

Summary

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.

Vulnerable Configurations

Part Description Count
Application
Fetchmail
115

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_FETCHMAIL-4490.NASL
    descriptionThis update fixes a remote denial-of-service attack. (CVE-2007-4565)
    last seen2020-06-01
    modified2020-06-02
    plugin id27572
    published2007-10-25
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27572
    titleopenSUSE 10 Security Update : fetchmail (fetchmail-4490)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update fetchmail-4490.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch only registers the plugin's attributes and
    # then exits; none of the package checks further down run when
    # `description` is set.
    if (description)
    {
      script_id(27572);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-4565");
    
      script_name(english:"openSUSE 10 Security Update : fetchmail (fetchmail-4490)");
      script_summary(english:"Check for the fetchmail-4490 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:"This update fixes a remote denial-of-service attack. (CVE-2007-4565)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fetchmail packages."
      );
      # CVSS v2 vector: network access, low complexity, no authentication;
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the result is derived from data gathered on the host (see the
      # KB keys required below), not from probing fetchmail over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # The two packages covered, followed by the three openSUSE releases.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fetchmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fetchmailconf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      # The plugin was published three weeks after the vendor patch.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO presumably places this among the
      # information-gathering (non-intrusive) plugins - confirm.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # ssh_get_info.nasl is declared as a prerequisite; presumably it is what
      # fills the Host/* KB entries listed next - confirm.
      script_dependencies("ssh_get_info.nasl");
      # KB entries the check needs: local checks enabled, SuSE release string,
      # installed rpm list, and CPU architecture.
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # End of description mode; the check logic is never reached from here.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check: bail out through audit() unless this is an openSUSE
    # 10.1 / 10.2 / 10.3 host with an rpm list and a supported CPU, then compare
    # the installed fetchmail packages against the reference builds.
    # NOTE(review): only package versions are inspected. Nothing here tests
    # whether fetchmail is running or forwards mail to an SMTP listener, so a
    # hit means "patch missing", not "the crash condition is reachable".
    # audit() is defined in audit.inc (not shown); the code below relies on it
    # ending the script - presumably it also records the reason, confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Missing release string, or a SLED/SLES one, is treated as "not openSUSE".
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Anchored exact match: only the three releases checked below are accepted.
    if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    # Hosts on any other architecture are audited out rather than reported.
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Number of rpm_check() calls that returned true.
    flag = 0;
    
    # rpm_check() comes from rpm.inc (not shown). Presumably it returns true
    # when the named package is installed on the given release at a version
    # older than `reference`, i.e. each reference is the first fixed build for
    # that release - confirm against rpm.inc.
    if ( rpm_check(release:"SUSE10.1", reference:"fetchmail-6.3.2-15.12") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"fetchmailconf-6.3.2-15.12") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"fetchmail-6.3.5-23.4") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"fetchmailconf-6.3.5-23.4") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"fetchmail-6.3.8-57.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"fetchmailconf-6.3.8-57.2") ) flag++;
    
    if (flag)
    {
      # At least one package matched: raise a warning-level finding on port 0.
      # report_verbosity is not assigned in this script (presumably provided by
      # global_settings.inc); above 0 the finding carries rpm_report_get() output.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were tested and are not affected"
      # from "no fetchmail package was tested at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fetchmail");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1427.NASL
    descriptionAn updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id40901
    published2009-09-09
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40901
    titleRHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1427.NASL
    descriptionFrom Red Hat Security Advisory 2009:1427 : An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id67920
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67920
    titleOracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen2020-06-01
    modified2020-06-02
    plugin id35684
    published2009-02-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35684
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-179.NASL
    descriptionA vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service. Updated packages have been patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26046
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26046
    titleMandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-689.NASL
    description - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.6-3 - Fix license - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260881 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25979
    published2007-09-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25979
    titleFedora Core 6 : fetchmail-6.3.6-3.fc6 (2007-689)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1377.NASL
    descriptionMatthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
    last seen2020-06-01
    modified2020-06-02
    plugin id26080
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26080
    titleDebian DSA-1377-2 : fetchmail - NULL pointer dereference
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1427.NASL
    descriptionAn updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id40893
    published2009-09-09
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40893
    titleCentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11814.NASL
    descriptionThis update fixes a remote denial-of-service attack. (CVE-2007-4565)
    last seen2020-06-01
    modified2020-06-02
    plugin id41154
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41154
    titleSuSE9 Security Update : fetchmail (YOU Patch Number 11814)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_45500F74594711DC87C1000E2E5785AD.NASL
    descriptionMatthias Andree reports : fetchmail will generate warning messages in certain circumstances (for instance, when leaving oversized messages on the server or login to the upstream fails) and send them to the local postmaster or the user running it. If this warning message is then refused by the SMTP listener that fetchmail is forwarding the message to, fetchmail crashes and does not collect further messages until it is restarted.
    last seen2020-06-01
    modified2020-06-02
    plugin id25981
    published2007-09-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25981
    titleFreeBSD : fetchmail -- denial of service on reject of local warning message (45500f74-5947-11dc-87c1-000e2e5785ad)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-520-1.NASL
    descriptionGaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user
    last seen2020-06-01
    modified2020-06-02
    plugin id28125
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28125
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090908_FETCHMAIL_ON_SL3_X.NASL
    descriptionCVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id60662
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60662
    titleScientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1983.NASL
    description - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.7-2 - Fix license - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260861 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27742
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27742
    titleFedora 7 : fetchmail-6.3.7-2.fc7 (2007-1983)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FETCHMAIL-4462.NASL
    descriptionThis update fixes a remote denial-of-service attack. (CVE-2007-4565)
    last seen2020-06-01
    modified2020-06-02
    plugin id29426
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29426
    titleSuSE 10 Security Update : fetchmail (ZYPP Patch Number 4462)

Oval

accepted2013-04-29T04:06:27.554-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionsink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
familyunix
idoval:org.mitre.oval:def:10528
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlesink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
version27

Redhat

rpms
  • fetchmail-0:6.2.0-3.el3.5
  • fetchmail-0:6.2.5-6.0.1.el4_8.1
  • fetchmail-0:6.3.6-1.1.el5_3.1
  • fetchmail-debuginfo-0:6.2.0-3.el3.5
  • fetchmail-debuginfo-0:6.2.5-6.0.1.el4_8.1
  • fetchmail-debuginfo-0:6.3.6-1.1.el5_3.1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 25495 CVE(CAN) ID: CVE-2007-4565 Fetchmail是免费的软件包,可以从远程POP2、POP3、IMAP、ETRN或ODMR服务器检索邮件并将其转发给本地SMTP、LMTP服务器或消息传送代理。 在某些情况下Fetchmail会生成警告消息并发送给管理员信箱或启动Fetchmail的用户,例如,当登录到上游服务器反复失败或消息超过大小限制时就会生成这样的消息。如果之后Fetchmail将消息转发到的SMTP监听程序拒绝了这个警告消息,在试图确定是否应发送bounce消息时会引用空指针,导致Fetchmail崩溃,在重启之前不会再收集任何消息。 fetchmail fetchmail &lt; 6.3.9 fetchmail fetchmail &lt; 4.6.8 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://fetchmail.berlios.de/" target="_blank">http://fetchmail.berlios.de/</a> Index: sink.c =================================================================== --- sink.c (revision 5118) +++ sink.c (revision 5119) @@ -262,7 +262,7 @@ const char *md1 = &quot;MAILER-DAEMON&quot;, *md2 = &quot;MAILER-DAEMON@&quot;; /* don't bounce in reply to undeliverable bounces */ - if (!msg-&gt;return_path[0] || + if (!msg || !msg-&gt;return_path[0] || strcmp(msg-&gt;return_path, &quot;&lt;&gt;&quot;) == 0 || strcasecmp(msg-&gt;return_path, md1) == 0 || strncasecmp(msg-&gt;return_path, md2, strlen(md2)) == 0)
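Review bot: The added `!msg ||` guard at the head of the bounce test is undocumented: the comment above it still only mentions bounces of bounces, so a reader cannot tell when `msg` is NULL. Going by the advisory text on this page, that is presumably the case where the refused message is a warning fetchmail generated itself; I would extend the comment to `/* don't bounce in reply to undeliverable bounces, or when there is no message block (msg == NULL) */`. The body of the `if` and the rest of the enclosing function lie outside the hunk, so whether `msg` is dereferenced again after this test cannot be confirmed from here and should be checked against the full sink.c.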
idSSV:2191
last seen2017-11-19
modified2007-09-06
published2007-09-06
reporterRoot
titleFetchmail无效警告消息本地拒绝服务漏洞

Statements

contributorMark J Cox
lastmodified2009-09-09
organizationRed Hat
statementThis issue was addressed in fetchmail packages as shipped in Red Hat Enterprise Linux 3, 4, and 5 via: https://rhn.redhat.com/errata/RHSA-2009-1427.html