oss-sec mailing list archives
Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 16 Jun 2008 16:18:18 -0400 (EDT)
====================================================== Name: CVE-2008-2711 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711 Reference: MLIST:[oss-security] 20080613 CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/13/1 Reference: MISC:https://bugzilla.novell.com/show_bug.cgi?id=354291 fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which is not properly handled when using vsnprintf to format log messages.
Current thread:
- CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 13)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Robert Buchholz (Jun 15)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 16)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Jonathan Smith (Jun 16)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 17)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Matthias Andree (Jun 16)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Robert Buchholz (Jun 15)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Steven M. Christey (Jun 16)
- Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode Tomas Hoger (Jun 23)