INFORMATION

Name : CVE-2010-0562 First Publication : 2010-02-08
Severity : Medium Last Modification : 2010-02-24

SCORING CVSS v2

Cvss Base Score : 6.8 Attack Range : Network
Cvss Impact Score : 6.4 Attack Complexity : Medium
Cvss Expoit Score : 8.6 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.



CWE COMMON WEAKNESS ENUMERATION

CWE-119 - Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62114 : fetchmail X.509 Certificate Printing sdump.c sdump() Function Overflow.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/38088

Source : CONFIRM
Url : http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2010-01.txt
Url : http://www.fetchmail.info/fetchmail-SA-2010-01.txt

Source : MANDRIVA
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:037

Source : OSVDB
Url : http://osvdb.org/62114

Source : SECTRACK
Url : http://www.securitytracker.com/id?1023543

Source : SECUNIA
Url : http://secunia.com/advisories/38391

Source : VUPEN
Url : http://www.vupen.com/english/advisories/2010/0296