FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2335

This CVE name corresponds to:

Entered: 2005-07-20
Topic: fetchmail -- remote root/code injection from malicious POP3 server

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2005-2335
Phase: Assigned (20050721)

Description

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

References

Source Reference
BUGTRAQ 20060526 rPSA-2006-0084-1 fetchmail
BUGTRAQ 20060801 DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=6617
APPLE APPLE-SA-2006-08-01
DEBIAN DSA-774
FEDORA FEDORA-2005-613
FEDORA FEDORA-2005-614
MISC http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html
REDHAT RHSA-2005:640
SUSE SUSE-SR:2005:018
CERT TA06-214A
BID 14349
BID 19289
OVAL oval:org.mitre.oval:def:8833
VUPEN ADV-2005-1171
VUPEN ADV-2006-3101
OSVDB 18174
OVAL oval:org.mitre.oval:def:1038
OVAL oval:org.mitre.oval:def:1124
SECUNIA 16176
SECUNIA 21253