CVE-2001-1009

fetchmail < 5.8.17 - Memory Corruption via Negative LIST Response Index

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1009. PoCs published by Salvatore Sanfilippo -antirez-, Sanfillipo antirez.

AI-analyzed exploit summary This exploit targets a signed integer overflow vulnerability in Fetchmail 5.8.15, allowing arbitrary memory writes via a maliciously crafted POP3 response. The PoC includes shellcode to execute '/bin/ls' and demonstrates the vulnerability by overwriting critical memory addresses.

Description

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Salvatore Sanfilippo -antirez- · cremoteunix
https://www.exploit-db.com/exploits/21064

This exploit targets a signed integer overflow vulnerability in Fetchmail 5.8.15, allowing arbitrary memory writes via a maliciously crafted POP3 response. The PoC includes shellcode to execute '/bin/ls' and demonstrates the vulnerability by overwriting critical memory addresses.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Fetchmail 5.8.15
No auth needed
Prerequisites: Network access to the target's POP3 client · Ability to impersonate a POP3 server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Sanfillipo antirez · cremoteunix
https://www.exploit-db.com/exploits/21066

This exploit targets a signed integer overflow vulnerability in Fetchmail 5.8.15, allowing arbitrary code execution via a crafted POP3 response. The PoC overwrites memory by manipulating array indices, leading to shellcode execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Fetchmail 5.8.15
No auth needed
Prerequisites: Network access to the target's POP3 client · Ability to impersonate an IMAP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-071
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2001-103.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3166
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
Patch, Vendor Advisory vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-1555.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3164
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/6965.php

Scores

EPSS 0.0652
EPSS Percentile 92.9%

Details

CWE
CWE-264
Status published
Products (50)
fetchmail/fetchmail 4.5.1
fetchmail/fetchmail 4.5.2
fetchmail/fetchmail 4.5.3
fetchmail/fetchmail 4.5.4
fetchmail/fetchmail 4.5.5
fetchmail/fetchmail 4.5.6
fetchmail/fetchmail 4.5.7
fetchmail/fetchmail 4.5.8
fetchmail/fetchmail 4.6.0
fetchmail/fetchmail 4.6.1
... and 40 more
Published Aug 31, 2001
Tracked Since Feb 18, 2026