CVE-2001-1009
Published 2001-08-31
Priority P3 · 41 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.52% (92.9th percentile)
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
Affected
71 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fetchmail | fetchmail | <= 5.8.14 | — |
| fetchmail | fetchmail | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-crwm-xxj2-prrm: Fetchmail (aka fetchmail-ssl) before 5
ghsa_unreviewed·2022-04-30
CVE-2001-1009 [HIGH] GHSA-crwm-xxj2-prrm: Fetchmail (aka fetchmail-ssl) before 5
Red Hat
security flaw
vendor_redhat·2001-08-09·CVSS 10.0
CVE-2001-1009 [CRITICAL] security flaw
No detection rules found.
Exploit-DB
Fetchmail 5.x - IMAP Reply Signed Integer Index
exploitdb·2001-08-09
CVE-2001-1009 Fetchmail 5.x - IMAP Reply Signed Integer Index
---
// source: https://www.securityfocus.com/bid/3166/info
Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP.
Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a remotely supplied signed integer value as the index to an array when writing data to memory.
It may be possible for attackers to overwrite critical variables in memory with arbitrary values if the target client's IMAP server can be impersonated. Successful exploitation can lead to the execution of arbitrary code on the client host.
/* fetchmail proof of concepts i386 exploit
* Copyright (C) 2001 Salvatore Sanfilippo
* Code under the GPL license.
Exploit-DB
Fetchmail 5.x - POP3 Reply Signed Integer Index
exploitdb·2001-08-09
CVE-2001-1009 Fetchmail 5.x - POP3 Reply Signed Integer Index
---
// source: https://www.securityfocus.com/bid/3164/info
Fetchmail is a unix utility for downloading email from mail servers via POP3.
Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a remotely supplied signed integer value as the index to an array when writing data to memory.
It may be possible for attackers to overwrite critical variables in memory with arbitrary values if the target client's POP3 server can be impersonated. Successful exploitation can lead to the execution of arbitrary code on the client host.
/* fetchmail proof of concepts i386 exploit
* Copyright (C) 2001 Salvatore Sanfilippo
* Code under the GPL license.
*
* Usag
CWE
Improper Validation of Specified Index, Position, or Offset in Input
mitre_cwe
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Often, indexable resources such as memory buffers or files can be accessed using a specific position, index, or offset, such as an index for an array or a position for a file. When untrusted input is not properly validated before it is used as an index, attackers could access (or attempt to access) unauthorized portions of these resources. This could be used to cause buffer overflows, excessive resource allocation, or trigger unexpected failures.
Modes of
CWE
Improper Validation of Array Index
mitre_cwe
CWE-129 Improper Validation of Array Index
CWE-129: Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Availability. Impact: DoS: Crash, Exit, or Restart. Use of an index that is outside the bounds of an array will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area.
Scope: Integrity. Impact: Modify Memory. If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.
Scope: Confidentiality, Integrity.
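The index validation this record turns on, shown as an added C example (it is not fetchmail's code and does not come from any of the advisories listed here). It assumes a LIST line of the form `<msgnum> <size>`; the names `store_list_entry`, `weak_check_accepts` and `sizes`, and the sample lines, are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper-bound-only test on a signed value: the flawed pattern.
 * A negative msgnum passes, so sizes[msgnum - 1] would land before the array. */
static int weak_check_accepts(long msgnum, long count) {
    return msgnum <= count;
}

/* Parse one field as a non-negative decimal long; *end is set past it. */
static int parse_field(const char *s, char **end, long *out) {
    errno = 0;
    long v = strtol(s, end, 10);
    if (*end == s || errno == ERANGE || v < 0) return -1;
    *out = v;
    return 0;
}

/* Hardened: store the size from a "<msgnum> <size>" LIST line into
 * sizes[msgnum - 1] only if 1 <= msgnum <= count. Returns 0 or -1. */
static int store_list_entry(const char *line, int *sizes, long count) {
    char *end;
    long msgnum, size;
    if (parse_field(line, &end, &msgnum) != 0 || *end != ' ') return -1;
    if (parse_field(end + 1, &end, &size) != 0) return -1;
    if (*end != '\0' && *end != '\r' && *end != '\n') return -1;
    if (msgnum < 1 || msgnum > count || size > INT_MAX) return -1;
    sizes[msgnum - 1] = (int)size;
    return 0;
}

int main(void) {
    int sizes[3] = {0, 0, 0};
    /* Constructed server lines, not captured traffic. */
    const char *lines[] = {"2 1200\r\n", "-5 4096\r\n", "4 10\r\n", "1 x\r\n"};
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int rc = store_list_entry(lines[i], sizes, 3);
        printf("%d <- %s", rc, lines[i]);
    }
    printf("weak check accepts -5: %d\n", weak_check_accepts(-5, 3));
    return 0;
}
```

The lower bound is checked on the parsed value before any subtraction or cast, so a server-supplied negative or zero message number is rejected rather than converted into an offset.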
http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
http://www.debian.org/security/2001/dsa-071
http://www.iss.net/security_center/static/6965.php
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
http://www.linuxsecurity.com/advisories/other_advisory-1555.html
http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
http://www.redhat.com/support/errata/RHSA-2001-103.html
http://www.securityfocus.com/bid/3164
http://www.securityfocus.com/bid/3166