Ross Boylan discovered a remote buffer overflow in fetchmail. By sending invalid responses with very long UIDs, a faulty or malicious POP server could crash fetchmail or execute arbitrary code with the privileges of the user invoking fetchmail.
fetchmail is commonly run as root to fetch mail for multiple user accounts; in this case, this vulnerability could be exploited to compromise the whole system.
26 July 2005
A security issue affects these releases of Ubuntu and its derivatives:
Ross Boylan discovered a remote buffer overflow in fetchmail. By sending invalid responses with very long UIDs, a faulty or malicious POP server could crash fetchmail or execute arbitrary code with the privileges of the user invoking fetchmail.
fetchmail is commonly run as root to fetch mail for multiple user accounts; in this case, this vulnerability could be exploited to compromise the whole system.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon