1 Oct
2002
1 Oct
'02
10:11
Hi! On Mon, 30 Sep 2002, Sebastian Krahmer wrote:
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- fetchmail Fetchmail contains remotely exploitable overflows in the mail header parsing functions. In depth discussion of these problems can be found at http://security.e-matters.de/advisories/032002.html. New packages will soon be available on our ftp servers.
According to the web page mentioned, fetchmail is only vulnerable in "multidrop" mode, i.e. when multiple users share one POP3 mailbox and fetchmail is asked to parse the mail headers to deliver them to the final recipient... Since this is not recommended anyway (being rather brain-dead), *most* users should be safe by default, right? Martin