Page 2 of 10 results (0.012 seconds)

CVSS: 6.4EPSS: 0%CPEs: 117EXPL: 0

CVE-2009-2666 – fetchmail: SSL null terminator bypass

https://notcve.org/view.php?id=CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. socket.c en fetchmail antes de v6.3.11 no maneja correctamente un caracter '\ 0' en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación (CA) legítima, una cuestión relacionada con CVE-2009-2408. • http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://marc.info/?l=oss-security&m=124949601207156&w=2 http://osvdb.org/56855 http://secunia.com/advisories/36175 http://secunia.com/advisories/36179 http://secunia.com/advisories/36236 http://support.apple.com/kb/HT3937 http://www.debian.org/security/2009/dsa-1852 http://www.mandriva.com/security/advisories?name=MDVSA-2009:201 http://www • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 11%CPEs: 114EXPL: 0

CVE-2008-2711 – fetchmail: Crash in large log messages in verbose mode

https://notcve.org/view.php?id=CVE-2008-2711

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. fetchmail versión 6.3.8 y anteriores, cuando se ejecuta en modo -v -v (también se conoce como verbose), permite a los atacantes remotos causar una denegación de servicio (bloqueo y fallo de correo persistente) por medio de un mensaje de correo malformado con encabezados largos, lo que desencadena unas desreferencias erróneas cuando se utiliza vsnprintf para dar formato a mensajes de registro. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/30742 http://secunia.com/advisories/30895 http://secunia.com/advisories/31262 http://secunia.com/advisories/31287 http://secunia.com/advisories/33937 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740 http://support.apple.com/kb/HT3438 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235 http://www.fetchmail.info/fetchmail-SA-2008-01&# • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 5%CPEs: 115EXPL: 0

CVE-2007-4565 – Fetchmail NULL pointer dereference

https://notcve.org/view.php?id=CVE-2007-4565

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. El archivo sink.c en fetchmail versiones anteriores a 6.3.9, permite a atacantes dependiendo del contexto causar una denegación de servicio (desreferencia del NULL y bloqueo de aplicación) al rechazar ciertos mensajes de advertencia que son enviados mediante SMTP. • http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt http://osvdb.org/45833 http://secunia.com/advisories/27399 http://secunia.com/advisories/33937 http://securityreason.com/securityalert/3074 http://support.apple.com/kb/HT3438 http://www.debian.org/securi • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 13%CPEs: 109EXPL: 0

CVE-2006-5867 – fetchmail not enforcing TLS for POP3 properly

https://notcve.org/view.php?id=CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. fetchmail anetrior a 6.3.6-rc4 no fuerza TLS adecuadamente y puede transmitir contraseñas en texto en claro sobre enlaces inseguros si se producen determinadas circunstancias, lo cual permite a atacantes remotos obtener información sensible mediante ataques de hombre-en-medio (man-in-the-middle o MITM). • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305391 http://fedoranews.org/cms/node/2429 http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://osvdb.org/31580 http://secunia.com/advisories/23631 http://secunia.com/advisories/23695 http://secunia.com/advisories/23714 http://secunia.com/advisories/23781 http://secunia.com • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 11%CPEs: 4EXPL: 0

CVE-2006-5974

https://notcve.org/view.php?id=CVE-2006-5974

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. fetchmail 6.3.5 y 6.3.6-rc4, cuando rechazan un mensaje entregado mediante la opción mda, permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores desconocidos que disparan una referencia a puntero nulo cuando se llama a las funciones (1) ferror o (2) fflush. • http://fedoranews.org/cms/node/2429 http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt http://osvdb.org/31836 http://secunia.com/advisories/23631 http://secunia.com/advisories/23804 http://secunia.com/advisories/23838 http://secunia.com/advisories/23923 http://secunia.com/advisories/24151 http://security.gentoo.org/glsa/glsa-200701-13.xml http://securitytracker.com/id?1017479 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995 • CWE-20: Improper Input Validation •