Lucene search

[email protected]NVD:CVE-2011-1947

HistoryJun 02, 2011 - 7:55 p.m.

CVE-2011-1947

2011-06-0219:55:03

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

Affected configurations

NVD

Node

fetchmailfetchmailMatch5.9.9

fetchmailfetchmailMatch5.9.10

fetchmailfetchmailMatch5.9.11

fetchmailfetchmailMatch5.9.13

fetchmailfetchmailMatch6.0.0

fetchmailfetchmailMatch6.1.0

fetchmailfetchmailMatch6.1.3

fetchmailfetchmailMatch6.2.0

fetchmailfetchmailMatch6.2.1

fetchmailfetchmailMatch6.2.2

fetchmailfetchmailMatch6.2.3

fetchmailfetchmailMatch6.2.4

fetchmailfetchmailMatch6.2.5

fetchmailfetchmailMatch6.2.5.1

fetchmailfetchmailMatch6.2.5.2

fetchmailfetchmailMatch6.2.5.4

fetchmailfetchmailMatch6.2.6pre4

fetchmailfetchmailMatch6.2.6pre8

fetchmailfetchmailMatch6.2.6pre9

fetchmailfetchmailMatch6.2.9rc10

fetchmailfetchmailMatch6.2.9rc3

fetchmailfetchmailMatch6.2.9rc4

fetchmailfetchmailMatch6.2.9rc5

fetchmailfetchmailMatch6.2.9rc7

fetchmailfetchmailMatch6.2.9rc8

fetchmailfetchmailMatch6.2.9rc9

fetchmailfetchmailMatch6.3.0

fetchmailfetchmailMatch6.3.1

fetchmailfetchmailMatch6.3.2

fetchmailfetchmailMatch6.3.3

fetchmailfetchmailMatch6.3.4

fetchmailfetchmailMatch6.3.5

fetchmailfetchmailMatch6.3.6

fetchmailfetchmailMatch6.3.6rc1

fetchmailfetchmailMatch6.3.6rc2

fetchmailfetchmailMatch6.3.6rc3

fetchmailfetchmailMatch6.3.6rc4

fetchmailfetchmailMatch6.3.6rc5

fetchmailfetchmailMatch6.3.7

fetchmailfetchmailMatch6.3.8

fetchmailfetchmailMatch6.3.9

fetchmailfetchmailMatch6.3.9rc2

fetchmailfetchmailMatch6.3.10

fetchmailfetchmailMatch6.3.11

fetchmailfetchmailMatch6.3.12

fetchmailfetchmailMatch6.3.13

fetchmailfetchmailMatch6.3.14

fetchmailfetchmailMatch6.3.15

fetchmailfetchmailMatch6.3.16

fetchmailfetchmailMatch6.3.17

fetchmailfetchmailMatch6.3.18

fetchmailfetchmailMatch6.3.19

References

gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt

lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html

openwall.com/lists/oss-security/2011/05/30/1

openwall.com/lists/oss-security/2011/05/31/12

openwall.com/lists/oss-security/2011/05/31/17

openwall.com/lists/oss-security/2011/06/01/2

www.fetchmail.info/fetchmail-SA-2011-01.txt

www.mandriva.com/security/advisories?name=MDVSA-2011:107

www.securityfocus.com/archive/1/518251/100/0/threaded

www.securityfocus.com/bid/48043

www.securitytracker.com/id?1025605

exchange.xforce.ibmcloud.com/vulnerabilities/67700

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for NVD:CVE-2011-1947

cve1 nessus9 openvas12 fedora3 altlinux3 debiancve1 securityvulns2 freebsd1 ubuntucve1 slackware1 prion1 cvelist1