Page 2 of 8 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 117EXPL: 0

CVE-2009-2666 – fetchmail: SSL null terminator bypass

https://notcve.org/view.php?id=CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. socket.c en fetchmail antes de v6.3.11 no maneja correctamente un caracter '\ 0' en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación (CA) legítima, una cuestión relacionada con CVE-2009-2408. • http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://marc.info/?l=oss-security&m=124949601207156&w=2 http://osvdb.org/56855 http://secunia.com/advisories/36175 http://secunia.com/advisories/36179 http://secunia.com/advisories/36236 http://support.apple.com/kb/HT3937 http://www.debian.org/security/2009/dsa-1852 http://www.mandriva.com/security/advisories?name=MDVSA-2009:201 http://www • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 11%CPEs: 114EXPL: 0

CVE-2008-2711 – fetchmail: Crash in large log messages in verbose mode

https://notcve.org/view.php?id=CVE-2008-2711

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. fetchmail versión 6.3.8 y anteriores, cuando se ejecuta en modo -v -v (también se conoce como verbose), permite a los atacantes remotos causar una denegación de servicio (bloqueo y fallo de correo persistente) por medio de un mensaje de correo malformado con encabezados largos, lo que desencadena unas desreferencias erróneas cuando se utiliza vsnprintf para dar formato a mensajes de registro. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/30742 http://secunia.com/advisories/30895 http://secunia.com/advisories/31262 http://secunia.com/advisories/31287 http://secunia.com/advisories/33937 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740 http://support.apple.com/kb/HT3438 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235 http://www.fetchmail.info/fetchmail-SA-2008-01&# • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 5%CPEs: 115EXPL: 0

CVE-2007-4565 – Fetchmail NULL pointer dereference

https://notcve.org/view.php?id=CVE-2007-4565

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. El archivo sink.c en fetchmail versiones anteriores a 6.3.9, permite a atacantes dependiendo del contexto causar una denegación de servicio (desreferencia del NULL y bloqueo de aplicación) al rechazar ciertos mensajes de advertencia que son enviados mediante SMTP. • http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt http://osvdb.org/45833 http://secunia.com/advisories/27399 http://secunia.com/advisories/33937 http://securityreason.com/securityalert/3074 http://support.apple.com/kb/HT3438 http://www.debian.org/securi • CWE-476: NULL Pointer Dereference •