oss-sec mailing list archives

Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 16 Jun 2008 16:18:18 -0400 (EDT)


======================================================
Name: CVE-2008-2711
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
Reference: MLIST:[oss-security] 20080613 CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/13/1
Reference: MISC:https://bugzilla.novell.com/show_bug.cgi?id=354291

fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote
attackers to cause a denial of service (crash and persistent mail
failure) via a malformed mail message with long headers, which is not
properly handled when using vsnprintf to format log messages.

Current thread:

CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 13)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Robert Buchholz (Jun 15)
  - Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 16)
    - Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Jonathan Smith (Jun 16)
    - Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 17)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Steven M. Christey (Jun 16)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Tomas Hoger (Jun 23)