CVE-2010-0562 Information
Description
The sdump function in sdump.c in fetchmail 6.3.11 6.3.12 and 6.3.13 when running in verbose mode on platforms for which char is signed allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set which triggers a heap-based buffer overflow during escaping.
Reference
http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2010-01.txt http://osvdb.org/62114 http://secunia.com/advisories/38391 http://www.fetchmail.info/fetchmail-SA-2010-01.txt http://www.mandriva.com/security/advisories?name=MDVSA-2010:037 http://www.securityfocus.com/bid/38088 http://www.securitytracker.com/id?1023543 http://www.vupen.com/english/advisories/2010/0296
Share on: