3 results (0.003 seconds)

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Fetchmail versiones anteriores a 6.4.22, no puede aplicar el cifrado de sesión STARTTLS en determinadas circunstancias, como una situación con IMAP y PREAUTH. • http://www.openwall.com/lists/oss-security/2021/08/27/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XJ6XLEJCEZCAM5LGGD6XBCC522QLG4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMKSEHAQSEDCWZMAOJEGX3P3JW6QY6H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYCYLL73NP7ALJWSDICIVSA47ZIXWSSA https://nostarttls.secvuln.info https://security.gentoo.org/glsa/202209-14 https://www.fetchmail.info • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. Una función report_vbuild en el archivo report.c en Fetchmail versiones anteriores a 6.4.20, a veces omite la inicialización del argumento vsnprintf va_list, lo que podría permitir a servidores de correo causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de largos mensajes de error. NOTA: no está claro si el uso de Fetchmail en cualquier plataforma realista presenta un impacto más allá de un inconveniente para el usuario cliente A flaw was found in fetchmail. The flaw lies in how fetchmail when running in verbose mode using the -v flag tries to log long messages that are created from long headers. • http://www.openwall.com/lists/oss-security/2021/07/28/5 http://www.openwall.com/lists/oss-security/2021/08/09/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC https://security.gentoo.org/glsa/202209-14 https://www.fetchmail.info/fetchmail-SA-2021-01.txt https://www.fetchmail.info/security.html https:/ • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •

CVSS: 5.8EPSS: 0%CPEs: 93EXPL: 0

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. Fetchmail v5.0.8 hasta v6.3.21, cuando se utiliza la autenticación NTLM en modo de depuración, permite a servidores remotos NTLM (1) causar una denegación de servicio (caída y retraso en la entrega de correo entrante) a través de una respuesta NTLM manipulada que desencadena una lectura fuera de limites en el decodificador base64, o (2) obtener información confidencial de la memoria a través de un mensaje tipo NTLM 2 con una estructura Target Name modificada, lo que desencadena una lectura fuera de limites. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088836.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088871.html http://seclists.org/oss-sec/2012/q3/230 http://seclists.org/oss-sec/2012/q3/232 http://www.fetchmail.info/fetchmail-SA-2012-02.txt http://www.securityfocus.com/bid/54987 https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail •