fetchmail multiple security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

fetchmail multiple security vulnerabilities
Published: 17.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9095
Type: remote
Level: 5/10
Description: NULL pointer dereference, uninitialized pointer dereference.

Affected: FETCHMAIL : fetchmail 6.3
CVE: CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.)
CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.)

Original document FETCHMAIL, fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711) (17.06.2008)

FETCHMAIL, fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565) (17.06.2008)

Discuss: Read or add your comments to this news (0 comments)