tags 338007 + upstream

* Nathaniel W. Turner <[EMAIL PROTECTED]> [2005-11-07 20:37]:
> Package: fetchmail
> Version: 6.2.5-18
> Severity: important
>
> I have done some debugging, and determined that with my setup, fetchmail
> always fails if two conditions are met.
>
> My setup:
>
> - messages arrive on box-A via qmail
> - fetchmail on box-B fetches messages via courier-imap on box-A
>
> Conditions required for failure (both must be met):
>
> 1. the message being fetched must have DOS-style line endings (at least
>    for the blank line between the headers and the message body).
>
> 2. the message body must contain (anywhere in it) the two character
>    string "OK".
>
> If these conditions are met, fetchmail will choke while fetching this
> message, and quit, leaving it and any other message on the server.
>
> I have minimal test messages and the output of running fetchmail -vv for
> each of them, which I will attach to this report.
>
> (I don't think this bug has security implications other than a basic
> DoS, but that might be worth investigating, as it seems fetchmail is
> interpreting data from an untrusted user as though it were data from a
> (potentially trusted) mail server.)
>
> I don't think my particular /etc/fetchmailrc is relevant here, but I can
> provide a sanitized copy if needed.
>
> Cheers,
> nate
>
> -- System Information:
> Debian Release: testing/unstable
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.14-1-k7
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>
> Versions of packages fetchmail depends on:
> ii adduser 3.77 Add and remove users and groups
> ii base-files 3.1.9 Debian base system miscellaneous
> f
> ii debianutils 2.15.1 Miscellaneous utilities specific
> t
> ii libc6 2.3.5-7 GNU C Library: Shared libraries
> an
> ii libssl0.9.7 0.9.7g-5 SSL shared libraries
>
> Versions of packages fetchmail recommends:
> ii ca-certificates 20050804 Common CA Certificates PEM files
>
> -- no debconf information
--
Nico Golde - JAB: [EMAIL PROTECTED] | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons - gimme a keyboard with 103/104/105 keys!
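
The concern raised in the quoted report (message bytes being read as if they were server responses) can be illustrated with an added example; it is not fetchmail's code and not a diagnosis of this bug. The server stream, the tag `A0001` and both reader functions are constructed for illustration: one scans lines for "OK", the other honours the IMAP literal octet count so the message body is never inspected for status words.

```python
import io
import re

# Constructed sample: CRLF line endings, body contains the string "OK".
MESSAGE = b"Subject: test\r\n\r\nEverything is OK here\r\n"
# Constructed IMAP stream: the message travels as a literal, {N} = octet count.
STREAM = (b"* 1 FETCH (BODY[] {%d}\r\n" % len(MESSAGE)) + MESSAGE \
    + b")\r\nA0001 OK FETCH completed\r\n"

LITERAL = re.compile(rb"\{(\d+)\}\r\n$")


def fetch_naive(stream: bytes):
    """Hypothetical line scanner: any line containing 'OK' ends the fetch."""
    src = io.BytesIO(stream)
    src.readline()                      # skip the untagged FETCH line
    body = b""
    for line in src:
        if b"OK" in line:               # untrusted message bytes can match
            return body, line
        body += line
    raise ValueError("no completion seen")


def fetch_literal_aware(stream: bytes, tag: bytes = b"A0001"):
    """Consume exactly N literal octets, then require the tagged reply."""
    src = io.BytesIO(stream)
    m = LITERAL.search(src.readline())
    if m is None:
        raise ValueError("expected a literal")
    size = int(m.group(1))
    body = src.read(size)               # opaque data, never parsed as protocol
    if len(body) != size:
        raise ValueError("short literal")
    if src.readline() != b")\r\n":
        raise ValueError("literal not closed")
    status = src.readline()
    if not status.startswith(tag + b" OK"):
        raise ValueError("fetch failed: %r" % status)
    return body, status


if __name__ == "__main__":
    print("naive:  ", fetch_naive(STREAM))
    print("literal:", fetch_literal_aware(STREAM))
```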