Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2711
Last Modified 07 Mar 2011 10:09:38
Published 16 Jun 2008 05:41:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2711

Summary

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

Vulnerable Systems

Application

  • Fetchmail 4.5.1

  • Fetchmail 4.5.2

  • Fetchmail 4.5.3

  • Fetchmail 4.5.4

  • Fetchmail 4.5.5

  • Fetchmail 4.5.6

  • Fetchmail 4.5.7

  • Fetchmail 4.5.8

  • Fetchmail 4.6.0

  • Fetchmail 4.6.1

  • Fetchmail 4.6.2

  • Fetchmail 4.6.3

  • Fetchmail 4.6.4

  • Fetchmail 4.6.5

  • Fetchmail 4.6.6

  • Fetchmail 4.6.7

  • Fetchmail 4.6.8

  • Fetchmail 4.6.9

  • Fetchmail 4.7.0

  • Fetchmail 4.7.1

  • Fetchmail 4.7.2

  • Fetchmail 4.7.3

  • Fetchmail 4.7.4

  • Fetchmail 4.7.5

  • Fetchmail 4.7.6

  • Fetchmail 4.7.7

  • Fetchmail 5.0.0

  • Fetchmail 5.0.1

  • Fetchmail 5.0.2

  • Fetchmail 5.0.3

  • Fetchmail 5.0.4

  • Fetchmail 5.0.5

  • Fetchmail 5.0.6

  • Fetchmail 5.0.7

  • Fetchmail 5.0.8

  • Fetchmail 5.1.0

  • Fetchmail 5.1.4

  • Fetchmail 5.2.0

  • Fetchmail 5.2.1

  • Fetchmail 5.2.3

  • Fetchmail 5.2.4

  • Fetchmail 5.2.7

  • Fetchmail 5.2.8

  • Fetchmail 5.3.0

  • Fetchmail 5.3.1

  • Fetchmail 5.3.3

  • Fetchmail 5.3.8

  • Fetchmail 5.4.0

  • Fetchmail 5.4.3

  • Fetchmail 5.4.4

  • Fetchmail 5.4.5

  • Fetchmail 5.5.0

  • Fetchmail 5.5.2

  • Fetchmail 5.5.3

  • Fetchmail 5.5.5

  • Fetchmail 5.5.6

  • Fetchmail 5.6.0

  • Fetchmail 5.7.0

  • Fetchmail 5.7.2

  • Fetchmail 5.7.4

  • Fetchmail 5.8

  • Fetchmail 5.8.1

  • Fetchmail 5.8.11

  • Fetchmail 5.8.13

  • Fetchmail 5.8.14

  • Fetchmail 5.8.17

  • Fetchmail 5.8.2

  • Fetchmail 5.8.3

  • Fetchmail 5.8.4

  • Fetchmail 5.8.5

  • Fetchmail 5.8.6

  • Fetchmail 5.9.0

  • Fetchmail 5.9.10

  • Fetchmail 5.9.11

  • Fetchmail 5.9.13

  • Fetchmail 5.9.4

  • Fetchmail 5.9.5

  • Fetchmail 5.9.8

  • Fetchmail 6.0.0

  • Fetchmail 6.1.0

  • Fetchmail 6.1.3

  • Fetchmail 6.2.0

  • Fetchmail 6.2.1

  • Fetchmail 6.2.2

  • Fetchmail 6.2.3

  • Fetchmail 6.2.4

  • Fetchmail 6.2.5

  • Fetchmail 6.2.5.1

  • Fetchmail 6.2.5.2

  • Fetchmail 6.2.5.4

  • Fetchmail 6.2.6

  • Fetchmail 6.2.9

  • Fetchmail 6.3.0

  • Fetchmail 6.3.1

  • Fetchmail 6.3.2

  • Fetchmail 6.3.3

  • Fetchmail 6.3.4

  • Fetchmail 6.3.5

  • Fetchmail 6.3.6

  • Fetchmail 6.3.7

  • Fetchmail 6.3.8


References

FEDORA - FEDORA-2008-5800

FEDORA - FEDORA-2008-5789

CONFIRM - https://issues.rpath.com/browse/RPL-2623

MISC - https://bugzilla.novell.com/show_bug.cgi?id=354291

XF - fetchmail-logmessage-dos(43121)

VUPEN - ADV-2009-0422

VUPEN - ADV-2008-1860

SECTRACK - 1020298

BID - 29705

BUGTRAQ - 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf

BUGTRAQ - 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711)

MLIST - [oss-security] 20080613 CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode

MANDRIVA - MDVSA-2008:117

CONFIRM - http://www.fetchmail.info/fetchmail-SA-2008-01.txt

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235

CONFIRM - http://support.apple.com/kb/HT3438

SLACKWARE - SSA:2008-210-01

SECUNIA - 33937

SECUNIA - 31287

SECUNIA - 31262

SECUNIA - 30895

SECUNIA - 30742

APPLE - APPLE-SA-2009-02-12

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Red Hat 2009:1427-01 RHSA Moderate: fetchmail security update for RHEL 5 x86


Last Updated: 27 May 2016 10:47:57