Executive Summary
Summary | |
---|---|
Title | New fetchmail packages fix denial of service |
Information | |||
---|---|---|---|
Name | DSA-939 | First vendor Publication | 2006-01-13 |
Vendor | Debian | Last vendor Modification | 2006-01-13 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Daniel Drake discovered a problem in fetchmail, an SSL-enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers.

The old stable distribution (woody) does not seem to be affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 6.2.5-12sarge4.

For the unstable distribution (sid) this problem has been fixed in version 6.3.1-1.

We recommend that you upgrade your fetchmail package.
Original Source
Url : http://www.debian.org/security/2006/dsa-939 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9659 | |||
Oval ID: | oval:org.mitre.oval:def:9659 | ||
Title: | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | ||
Description: | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-4348 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for fetchmail File : nvt/sles9p5012567.nasl |
2008-09-04 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail4.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 939-1 (fetchmail) File : nvt/deb_939_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-01 fetchmail File : nvt/esoft_slk_ssa_2006_045_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
21906 | Fetchmail Multidrop Mode Headerless Message Remote DoS Fetchmail contains a flaw that may allow a remote denial of service. The issue is triggered when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers, and will result in a loss of availability for the application. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fetchmail-2608.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_fetchmail-2602.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-939.nasl - Type : ACT_GATHER_INFO |
2006-08-01 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-004.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f7eb0b23709911daa15c0060084a00e5.nasl - Type : ACT_GATHER_INFO |
2006-02-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-045-01.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-233-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-236.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:48 |
|