Fetchmail POP3客户端缓冲区溢出漏洞

BUGTRAQ ID: 14349 CVE(CAN) ID: CVE-2005-2335 fetchmail是免费的软件包，可以从远程POP2、POP3、IMAP、ETRN或ODMR服务器检索邮件并将其转发给本地SMTP、LMTP服务器或消息传送代理。 fetchmail的POP3客户端在处理服务器回应时存在缓冲区溢出漏洞，恶意服务器可能利用此漏洞在客户端上执行任意指令。 fetchmail-6.2.5及更早版本的处理UID的POP3代码将POP3服务器返回的相应读取到栈中固定大小的缓冲区，没有限制输入长度，这样被入侵的或恶意的POP3服务器就可以覆盖fetchmail的栈，导致完全控制受影响的系统。 在fetchmail-6.2.5.1中，漏洞修复可以通过POP3 UIDL防范代码注入，但却引入了两个空指针引用。攻击者可能利用这个漏洞导致拒绝服务。 Eric Raymond Fetchmail 6.2.5.1 Eric Raymond Fetchmail 6.2.5 Eric Raymond Fetchmail 6.2.0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation 2.1 IA64 RedHat Advanced Workstation 2.1 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://www.apple.com/support/downloads/" target="_blank">http://www.apple.com/support/downloads/</a> Debian ------ Debian已经为此发布了一个安全公告（DSA-774-1）以及相应补丁: DSA-774-1：New fetchmail packages fix arbitrary code execution <a href="http://www.debian.org/security/2005/dsa-774" target="_blank">http://www.debian.org/security/2005/dsa-774</a> 补丁下载： Source archives: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.dsc" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.dsc</a> Size/MD5 checksum: 650 3eb739416b5b7a906b56b3145cf1ba32 <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.diff.gz</a> Size/MD5 checksum: 150578 12cdd33c6299e840ffcf3cfa00eb2e0e <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz</a> Size/MD5 checksum: 1257376 9956b30139edaa4f5f77c4d0dbd80225 Architecture independent components: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge1_all.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge1_all.deb</a> Size/MD5 checksum: 42268 593148b798ec57fbca09340ecb139c1e <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge1_all.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge1_all.deb</a> Size/MD5 checksum: 101356 c7e81ed2ef2c7375e3afb9d937a1aa91 Alpha architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_alpha.deb</a> Size/MD5 checksum: 572940 7426819c3db555eb6c1b5bf866b2113d AMD64 architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_amd64.deb</a> Size/MD5 checksum: 554678 56223b7979f4e4410c05620d153a01ba ARM architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_arm.deb</a> Size/MD5 checksum: 549146 b8f0493390f4aa713004f913f2696e73 Intel IA-32 architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_i386.deb</a> Size/MD5 checksum: 548184 4b004ec450045c4d0d4b9fda7d9b04cc Intel IA-64 architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_ia64.deb</a> Size/MD5 checksum: 597056 5a7e4a0f676edeed83bd3e48d4747b57 HP Precision architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_hppa.deb</a> Size/MD5 checksum: 561656 5ed8c10d345f358e85f58937e7aa79c9 Motorola 680x0 architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_m68k.deb</a> Size/MD5 checksum: 537964 8ce1a7e8de2858d8b9166c7166309173 Big endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mips.deb</a> Size/MD5 checksum: 556648 ee365e9943ae1646eb6ac051c6645833 Little endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mipsel.deb</a> Size/MD5 checksum: 556388 5f07b01938a6171da1c319006700ec93 PowerPC architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_powerpc.deb</a> Size/MD5 checksum: 556168 55c628ab054ef7022c679e15edde8fae IBM S/390 architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_s390.deb</a> Size/MD5 checksum: 554510 5457354b0ee7ed5c735c582408396154 Sun Sparc architecture: <a href="http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_sparc.deb</a> Size/MD5 checksum: 549168 db954a1eafe045ff6f2eb4c3c64abf3f 补丁安装方法： 1. 手工安装补丁包： 首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包： 首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade Eric Raymond ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： Eric Raymond Patch fetchmail-patch-6.2.5.2.gz <a href="http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz" target="_blank">http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz</a> RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2005:640-01）以及相应补丁: RHSA-2005:640-01：Important: fetchmail security update 链接：<a href="http://lwn.net/Alerts/144832/?format=printable" target="_blank">http://lwn.net/Alerts/144832/?format=printable</a> Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200507-21）以及相应补丁: GLSA-200507-21：fetchmail: Buffer Overflow 链接：<a href="http://security.gentoo.org/glsa/glsa-200507-21.xml" target="_blank">http://security.gentoo.org/glsa/glsa-200507-21.xml</a> 所有fetchmail用户都应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2"