FreeBSD : fetchmail -- potential crash in -v -v verbose mode (168190df-3e9a-11dd-87bc-000ea69a5213)
Medium Nessus Plugin ID 33239
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMatthias Andree reports :
Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation, fetchmail would resize the buffer and fill in further parts of the message, but forget to reinitialize its va_list typed source pointer, thus reading data from a garbage address found on the stack at addresses above the function arguments the caller passed in; usually that would be the caller's stack frame.
SolutionUpdate the affected package.