aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorbarner <barner@FreeBSD.org>2005-07-22 17:44:32 +0800
committerbarner <barner@FreeBSD.org>2005-07-22 17:44:32 +0800
commit633990035597dd465945c03e9633ab16ebfe51cb (patch)
treeb4cb310f1bd7b675c2d046f5a054078c1802b835 /security/vuxml
parente8b72cfd12c23ad4f35c7ad74b0ab6c5d4fd0183 (diff)
downloadfreebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.tar.gz
freebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.tar.zst
freebsd-ports-gnome-633990035597dd465945c03e9633ab16ebfe51cb.zip
Document denial of service attack in fetchmail 6.5.2.1.
Reported by: Matthias Andree <matthias.andree@gmx.de> Reviewed by: simon
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index eab91cfb00c2..2c2b7cc1e30a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,36 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3f4ac724-fa8b-11d9-afcf-0060084a00e5">
+ <topic>fetchmail -- denial of service/crash from malicious POP3 server</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><eq>6.2.5.1</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>In fetchmail 6.2.5.1, the the remote code injection via
+ POP3 UIDL was fixed, but a denial of service attack was
+ introduced:</p>
+ <p>Two possible NULL-pointer dereferences allow a malicous
+ POP3 server to crash fetchmail by respondig with UID lines
+ containing only the article number but no UID (in violation
+ of RFC-1939), or a message without Message-ID when no UIDL
+ support is available.</p>
+ </body>
+ </description>
+ <references>
+ <mlist msgid="20050721172317.GB3071@amilo.ms.mff.cuni.cz">http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html</mlist>
+ <url>http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt</url>
+ </references>
+ <dates>
+ <discovery>2005-07-21</discovery>
+ <entry>2005-07-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e72fd82b-fa01-11d9-bc08-0001020eed82">
<topic>dnrd -- remote buffer and stack overflow vulnerabilities</topic>
<affects>