CVE-2010-1167 Information

Description

fetchmail 4.6.3 through 6.3.16 when debug mode is enabled does not properly handle invalid characters in a multi-character locale which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

Reference

http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512 http://www.fetchmail.info/fetchmail-SA-2010-02.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:107 http://www.securityfocus.com/archive/1/511140/100/0/threaded http://www.securityfocus.com/bid/39556