diff options
author | barner <barner@FreeBSD.org> | 2005-07-22 17:44:32 +0800 |
---|---|---|
committer | barner <barner@FreeBSD.org> | 2005-07-22 17:44:32 +0800 |
commit | 633990035597dd465945c03e9633ab16ebfe51cb (patch) | |
tree | b4cb310f1bd7b675c2d046f5a054078c1802b835 /security/vuxml | |
parent | e8b72cfd12c23ad4f35c7ad74b0ab6c5d4fd0183 (diff) | |
download | freebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.tar.gz freebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.tar.zst freebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.zip |
Document denial of service attack in fetchmail 6.5.2.1.
Reported by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: simon
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index eab91cfb00c2..2c2b7cc1e30a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,36 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3f4ac724-fa8b-11d9-afcf-0060084a00e5"> + <topic>fetchmail -- denial of service/crash from malicious POP3 server</topic> + <affects> + <package> + <name>fetchmail</name> + <range><eq>6.2.5.1</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>In fetchmail 6.2.5.1, the the remote code injection via + POP3 UIDL was fixed, but a denial of service attack was + introduced:</p> + <p>Two possible NULL-pointer dereferences allow a malicous + POP3 server to crash fetchmail by respondig with UID lines + containing only the article number but no UID (in violation + of RFC-1939), or a message without Message-ID when no UIDL + support is available.</p> + </body> + </description> + <references> + <mlist msgid="20050721172317.GB3071@amilo.ms.mff.cuni.cz">http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html</mlist> + <url>http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt</url> + </references> + <dates> + <discovery>2005-07-21</discovery> + <entry>2005-07-22</entry> + </dates> + </vuln> + <vuln vid="e72fd82b-fa01-11d9-bc08-0001020eed82"> <topic>dnrd -- remote buffer and stack overflow vulnerabilities</topic> <affects> |