Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-1947
Last Modified: 06 Sep 2011 11:16:48
Published: 02 Jun 2011 03:55:03
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1947

Summary

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

Vulnerable Systems

Application

  • Fetchmail 5.9.10

  • Fetchmail 5.9.11

  • Fetchmail 5.9.13

  • Fetchmail 5.9.9

  • Fetchmail 6.0.0

  • Fetchmail 6.1.0

  • Fetchmail 6.1.3

  • Fetchmail 6.2.0

  • Fetchmail 6.2.1

  • Fetchmail 6.2.2

  • Fetchmail 6.2.3

  • Fetchmail 6.2.4

  • Fetchmail 6.2.5

  • Fetchmail 6.2.5.1

  • Fetchmail 6.2.5.2

  • Fetchmail 6.2.5.4

  • Fetchmail 6.2.6

  • Fetchmail 6.2.9

  • Fetchmail 6.3.0

  • Fetchmail 6.3.1

  • Fetchmail 6.3.10

  • Fetchmail 6.3.11

  • Fetchmail 6.3.12

  • Fetchmail 6.3.13

  • Fetchmail 6.3.14

  • Fetchmail 6.3.15

  • Fetchmail 6.3.16

  • Fetchmail 6.3.17

  • Fetchmail 6.3.18

  • Fetchmail 6.3.19

  • Fetchmail 6.3.2

  • Fetchmail 6.3.3

  • Fetchmail 6.3.4

  • Fetchmail 6.3.5

  • Fetchmail 6.3.6

  • Fetchmail 6.3.7

  • Fetchmail 6.3.8

  • Fetchmail 6.3.9


References

XF - fetchmail-starttls-dos(67700)

SECTRACK - 1025605

BID - 48043

BUGTRAQ - 20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)

MANDRIVA - MDVSA-2011:107

CONFIRM - http://www.fetchmail.info/fetchmail-SA-2011-01.txt

MLIST - [oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)

MLIST - [oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)

MLIST - [oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)

FEDORA - FEDORA-2011-8021

FEDORA - FEDORA-2011-8011

FEDORA - FEDORA-2011-8059

CONFIRM - http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt

Related Patches

Novell SUSE 2011:5283 fetchmail recommended update for SLE 11 SP1 i586


Last Updated: 27 May 2016 10:56:52