FreeBSD : fetchmail -- heap overflow on verbose X.509 display (2a6a966f-1774-11df-b5c1-0026189baca3)
Medium Nessus Plugin ID 44600
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Matthias Andree reports:
In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc() buffer for that purpose.
If the material to be displayed contains characters with high bit set and the platform treats the 'char' type as signed, this can cause a heap buffer overrun because non-printing characters are escaped as \xFF..FFnn, where nn is 80..FF in hex.
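The length mismatch described above, shown as an added C example (not fetchmail's code; all function names are hypothetical). It assumes a 4-byte budget per escaped character (`\xNN`) and a 32-bit `int`, and it only measures lengths with bounded `snprintf` calls, next to a hardened escaper that formats through `unsigned char`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format one non-printable byte as \xNN into dst (bounded). With as_signed set,
 * the byte is first widened through signed char, modelling a platform where
 * plain 'char' is signed: 0x80..0xFF become negative ints and "%02X" prints
 * 8 hex digits (assuming 32-bit int) instead of 2. */
static size_t fmt_escape(char *dst, size_t cap, char c, int as_signed)
{
    unsigned v = as_signed ? (unsigned)(int)(signed char)c
                           : (unsigned)(unsigned char)c;
    int n = snprintf(dst, cap, "\\x%02X", v);
    return n < 0 ? 0 : (size_t)n;
}

/* Bytes the escaped form of in[0..len) really needs, excluding the NUL. */
static size_t escaped_len(const char *in, size_t len, int as_signed)
{
    char tmp[16];
    size_t total = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char u = (unsigned char)in[i];
        total += (u >= 0x20 && u < 0x7f) ? 1
               : fmt_escape(tmp, sizeof tmp, in[i], as_signed);
    }
    return total;
}

/* Hardened escaper: sizes the buffer from the measured length and always
 * formats through unsigned char; each write is bounded by the space left. */
static char *escape_safe(const char *in, size_t len)
{
    size_t need = escaped_len(in, len, 0), off = 0;
    char *out = malloc(need + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char u = (unsigned char)in[i];
        if (u >= 0x20 && u < 0x7f) out[off++] = (char)u;
        else off += fmt_escape(out + off, need + 1 - off, in[i], 0);
    }
    out[off] = '\0';
    return out;
}

int main(void)
{
    const char cn[] = "A\xC3\xA9"; /* constructed sample: 'A' + 2 high-bit bytes */
    size_t len = sizeof cn - 1;
    printf("budget %zu, signed needs %zu, unsigned needs %zu\n",
           len * 4, escaped_len(cn, len, 1), escaped_len(cn, len, 0));
    char *s = escape_safe(cn, len);
    if (s) { puts(s); free(s); }
    return 0;
}
```

For the three-byte sample, the sign-extended form needs more bytes than the 12-byte budget, while the `unsigned char` form stays inside it.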
Solution
Update the affected package.