FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2711

This CVE name corresponds to:

Entered Topic
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-20 fetchmail -- potential crash in -v -v verbose mode

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-2711
Phase Assigned (20080616)

Description

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

References

Source Reference
BUGTRAQ 20080617 fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711)
MLIST [oss-security] 20080613 CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode
MISC https://bugzilla.novell.com/show_bug.cgi?id=354291
CONFIRM http://www.fetchmail.info/fetchmail-SA-2008-01.txt
MANDRIVA MDVSA-2008:117
BID 29705
FRSIRT ADV-2008-1860
SECTRACK 1020298
SECUNIA 30742