CVE-2008-2711
Published: 16 June 2008
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
Notes
Author | Note |
---|---|
jdstrand | per Debian, http://www.openwall.com/lists/oss-security/2008/06/13/1, -vv is only used for debugging purposes so this does not prevent a victim from getting mails. -vv is not used in non-interactive use. |
Priority
Status
Package | Release | Status |
---|---|---|
fetchmail (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
fetchmail | feisty | Ignored (end of life, was needed) |
fetchmail | gutsy | Ignored (end of life, was needed) |
fetchmail | hardy | Ignored (end of life) |
fetchmail | intrepid | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | upstream | Needs triage |
fetchmail | jaunty | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | karmic | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | lucid | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | maverick | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | natty | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | oneiric | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | precise | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | quantal | Not vulnerable (6.3.8-11ubuntu3) |
fetchmail | raring | Not vulnerable (6.3.8-11ubuntu3) |

Patches: debdiff: https://bugs.launchpad.net/bugs/240549 debdiff: http://launchpad.net/bugs/240549