FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2711

This CVE name corresponds to:

Entered Topic
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-20 fetchmail -- potential crash in -v -v verbose mode

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-2711
Phase Assigned (20080616)

Description

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

References

Source Reference
BUGTRAQ 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711)
BUGTRAQ 20080729 rPSA-2008-0235-1 fetchmail fetchmailconf
MLIST [oss-security] 20080613 CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode
MISC https://bugzilla.novell.com/show_bug.cgi?id=354291
CONFIRM http://www.fetchmail.info/fetchmail-SA-2008-01.txt
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235
CONFIRM https://issues.rpath.com/browse/RPL-2623
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2009-02-12
FEDORA FEDORA-2008-5789
FEDORA FEDORA-2008-5800
MANDRIVA MDVSA-2008:117
SLACKWARE SSA:2008-210-01
BID 29705
OVAL oval:org.mitre.oval:def:10950
VUPEN ADV-2008-1860
VUPEN ADV-2009-0422
SECTRACK 1020298
SECUNIA 30742
SECUNIA 31262
SECUNIA 31287
SECUNIA 30895
SECUNIA 33937
XF fetchmail-logmessage-dos(43121)