FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- heap overflow on verbose X.509 display

Affected packages
6.3.11 <= fetchmail < 6.3.14

Details

VuXML ID 2a6a966f-1774-11df-b5c1-0026189baca3
Discovery 2010-02-04
Entry 2010-02-12

Matthias Andree reports:

In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc() buffer for that purpose.

If the material to be displayed contains characters with high bit set and the platform treats the "char" type as signed, this can cause a heap buffer overrun because non-printing characters are escaped as \xFF..FFnn, where nn is 80..FF in hex.

References

Bugtraq ID 38088
CVE Name CVE-2010-0562
Message 20100205014643.GA25506@merlin.emma.line.org
URL http://www.fetchmail.info/fetchmail-SA-2010-01.txt