oss-sec mailing list archives

Re: CVE request - fetchmail 6.3.11-.13 heap overflow in verbose X.509 cert display (only printable chars)


From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 4 Feb 2010 13:28:41 +0100

Hey,
* Matthias Andree <matthias.andree () gmx de> [2010-02-04 11:04]:
[...] 
> This might be exploitable to inject code if
> - fetchmail is run in verbose mode
> AND
> - the host running fetchmail considers char unsigned

Imho this needs to say signed, not unsigned.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
