CVE-2007-4565 - Remote Denial of Service vulnerability in Fetchmail Failed Warning Message
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Vulnerable Configurations
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_FETCHMAIL-4490.NASL |
description | This update fixes a remote denial-of-service attack. (CVE-2007-4565) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27572 |
published | 2007-10-25 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27572 |
title | openSUSE 10 Security Update : fetchmail (fetchmail-4490) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update fetchmail-4490.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(27572);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:29");

      script_cve_id("CVE-2007-4565");

      script_name(english:"openSUSE 10 Security Update : fetchmail (fetchmail-4490)");
      script_summary(english:"Check for the fetchmail-4490 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:"This update fixes a remote denial-of-service attack. (CVE-2007-4565)"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected fetchmail packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fetchmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fetchmailconf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE10.1", reference:"fetchmail-6.3.2-15.12") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"fetchmailconf-6.3.2-15.12") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"fetchmail-6.3.5-23.4") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"fetchmailconf-6.3.5-23.4") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"fetchmail-6.3.8-57.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"fetchmailconf-6.3.8-57.2") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fetchmail");
    }

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2009-1427.NASL |
description | An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40901 |
published | 2009-09-09 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40901 |
title | RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2009-1427.NASL |
description | From Red Hat Security Advisory 2009:1427 : An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67920 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67920 |
title | Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2009-001.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35684 |
published | 2009-02-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35684 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2009-001) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2007-179.NASL |
description | A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service. Updated packages have been patched to prevent these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26046 |
published | 2007-09-14 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26046 |
title | Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-689.NASL |
description | - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.6-3 - Fix license - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260881 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25979 |
published | 2007-09-05 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25979 |
title | Fedora Core 6 : fetchmail-6.3.6-3.fc6 (2007-689) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1377.NASL |
description | Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26080 |
published | 2007-09-24 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/26080 |
title | Debian DSA-1377-2 : fetchmail - NULL pointer dereference |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2009-1427.NASL |
description | An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40893 |
published | 2009-09-09 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40893 |
title | CentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_11814.NASL |
description | This update fixes a remote denial-of-service attack. (CVE-2007-4565) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41154 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41154 |
title | SuSE9 Security Update : fetchmail (YOU Patch Number 11814) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_45500F74594711DC87C1000E2E5785AD.NASL |
description | Matthias Andree reports : fetchmail will generate warning messages in certain circumstances (for instance, when leaving oversized messages on the server or login to the upstream fails) and send them to the local postmaster or the user running it. If this warning message is then refused by the SMTP listener that fetchmail is forwarding the message to, fetchmail crashes and does not collect further messages until it is restarted. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25981 |
published | 2007-09-05 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25981 |
title | FreeBSD : fetchmail -- denial of service on reject of local warning message (45500f74-5947-11dc-87c1-000e2e5785ad) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-520-1.NASL |
description | Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28125 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/28125 |
title | Ubuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20090908_FETCHMAIL_ON_SL3_X.NASL |
description | CVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60662 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60662 |
title | Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64 |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-1983.NASL |
description | - Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.7-2 - Fix license - Fix fetchmail NULL pointer dereference (CVE-2007-4565) Resolves: #260861 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27742 |
published | 2007-11-06 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27742 |
title | Fedora 7 : fetchmail-6.3.7-2.fc7 (2007-1983) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_FETCHMAIL-4462.NASL |
description | This update fixes a remote denial-of-service attack. (CVE-2007-4565) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29426 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29426 |
title | SuSE 10 Security Update : fetchmail (ZYPP Patch Number 4462) |
Oval
accepted | 2013-04-29T04:06:27.554-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
family | unix |
id | oval:org.mitre.oval:def:10528 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
version | 27 |
Redhat
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 25495 CVE(CAN) ID: CVE-2007-4565 Fetchmail is a free software package that retrieves mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forwards it to a local SMTP or LMTP server or message delivery agent. In certain circumstances Fetchmail generates warning messages and sends them to the administrator's mailbox or to the user who started Fetchmail, for example when logins to the upstream server fail repeatedly or a message exceeds the size limit. If the SMTP listener that Fetchmail forwards messages to then refuses this warning message, Fetchmail dereferences a NULL pointer while trying to determine whether a bounce message should be sent, which crashes Fetchmail, and no further messages are collected until it is restarted. fetchmail fetchmail < 6.3.9 fetchmail fetchmail < 4.6.8 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://fetchmail.berlios.de/ Index: sink.c =================================================================== --- sink.c (revision 5118) +++ sink.c (revision 5119) @@ -262,7 +262,7 @@ const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) |
id | SSV:2191 |
last seen | 2017-11-19 |
modified | 2007-09-06 |
published | 2007-09-06 |
reporter | Root |
title | Fetchmail Invalid Warning Message Local Denial of Service Vulnerability |
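Review bot: the comment above the changed condition in the sink.c hunk at @@ -262,7 +262,7 @@ ("don't bounce in reply to undeliverable bounces") no longer describes everything the test does, because with the added "!msg ||" a NULL msg now also takes the no-bounce branch. Suggest extending that comment to say that a missing message context (msg == NULL) suppresses the bounce as well, so the guard is not mistaken for dead code and removed later. It is also worth confirming that nothing after this condition, outside the visible context lines, dereferences msg on a path where it can still be NULL; the short-circuit only protects the four msg->return_path accesses shown here.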
Statements
contributor | Mark J Cox |
lastmodified | 2009-09-09 |
organization | Red Hat |
statement | This issue was addressed in fetchmail packages as shipped in Red Hat Enterprise Linux 3, 4, and 5 via: https://rhn.redhat.com/errata/RHSA-2009-1427.html |
References
- http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
- http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt
- http://osvdb.org/45833
- http://secunia.com/advisories/27399
- http://secunia.com/advisories/33937
- http://securityreason.com/securityalert/3074
- http://support.apple.com/kb/HT3438
- http://www.debian.org/security/2007/dsa-1377
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:179
- http://www.securityfocus.com/archive/1/478798/100/0/threaded
- http://www.securityfocus.com/archive/1/493388/100/0/threaded
- http://www.securityfocus.com/bid/25495
- http://www.securitytracker.com/id?1018627
- http://www.trustix.org/errata/2007/0028/
- http://www.ubuntu.com/usn/usn-520-1
- http://www.vupen.com/english/advisories/2007/3032
- http://www.vupen.com/english/advisories/2009/0422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36385
- https://issues.rpath.com/browse/RPL-1690
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10528