Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] SuSE Security Announcement: heimdal (SuSE-SA:2002:034)
  • From: Martin Köhling <mk@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 1 Oct 2002 12:11:24 +0200 (CEST)
  • Message-id: <Pine.LNX.4.33.0210011137390.18879-100000@xxxxxxxxxxxxxxxxxx>
Hi!

On Mon, 30 Sep 2002, Sebastian Krahmer wrote:

> 2) Pending vulnerabilities in SuSE Distributions and Workarounds:
>
> - fetchmail
> Fetchmail contains remotely exploitable overflows in the mail header
> parsing functions. In-depth discussion of these problems can be found at
> http://security.e-matters.de/advisories/032002.html.
> New packages will soon be available on our ftp servers.

According to the web page mentioned, fetchmail is only vulnerable in
"multidrop" mode, i.e. when multiple users share one POP3 mailbox and
fetchmail is asked to parse the mail headers to deliver them to
the final recipient...

Since this is not recommended anyway (being rather brain-dead), *most*
users should be safe by default, right?

Martin

