FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1947

This CVE name corresponds to:

Entered 2011-06-06
Topic fetchmail -- STARTTLS denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1947
Phase Assigned(20110509)

Description

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

References

Source Reference
BUGTRAQ 20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)
MLIST [oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)
MLIST [oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)
MLIST [oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)
MLIST [oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)
CONFIRM http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
CONFIRM http://www.fetchmail.info/fetchmail-SA-2011-01.txt
FEDORA FEDORA-2011-8011
FEDORA FEDORA-2011-8021
FEDORA FEDORA-2011-8059
MANDRIVA MDVSA-2011:107
BID 48043
SECTRACK 1025605
XF fetchmail-starttls-dos(67700)