Published: 11/10/2002 Updated: 18/10/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The getmxrecord function in Fetchmail 6.0.0 and previous versions does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote malicious users to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fetchmail fetchmail 5.9.10
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.5.5
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.3.3
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.2.0
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.0.1
fetchmail fetchmail 4.7.2
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.6.4
fetchmail fetchmail 4.6.3
fetchmail fetchmail 4.5.4
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.4.0
fetchmail fetchmail
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.9.11
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.8.5
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.5.6
fetchmail fetchmail 5.4.3
fetchmail fetchmail 5.3.8
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.2.1
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.8
fetchmail fetchmail 5.7.2
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.0.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 4.7.5
fetchmail fetchmail 4.6.8
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.8
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.9.0
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.8.2
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.5.2
fetchmail fetchmail 5.5.0
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.1.0
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.0.7
fetchmail fetchmail 5.0.0
fetchmail fetchmail 4.7.7
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.1
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.7.3
fetchmail fetchmail 4.6.6
fetchmail fetchmail 4.6.5
fetchmail fetchmail 4.5.6
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.8.17

Stefan Esser discovered several buffer overflows and a broken boundary check within fetchmail If fetchmail is running in multidrop mode these flaws can be used by remote attackers to crash it or to execute arbitrary code under the user id of the user running fetchmail Depending on the configuration this even allows a remote root compromise These ...

CWE-20 http://www.iss.net/security_center/static/10203.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php http://www.debian.org/security/2002/dsa-171 http://rhn.redhat.com/errata/RHSA-2002-215.html http://www.linuxsecurity.com/advisories/other_advisory-2402.html http://www.securityfocus.com/bid/5826 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531 http://marc.info/?l=bugtraq&m=103340148625187&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-171

Get Started

CVE-2002-1175

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect