84 matches found
Ubuntu Update for fetchmail vulnerability USN-405-1
Ubuntu Update for Linux kernel vulnerabilities USN-405-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4051.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for fetchmail vulnerability USN-405-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:179)
A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service. Updated packages have been patched to prevent these issues. %NASLMINLEVEL 70300 C Tenable...
CVE-2007-4565
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service NULL dereference and application crash by refusing certain warning messages that are sent over SMTP...
CVE-2007-4565
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service NULL dereference and application crash by refusing certain warning messages that are sent over SMTP...
CVE-2007-4565
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service NULL dereference and application crash by refusing certain warning messages that are sent over SMTP...
security flaw
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service application crash by sending messages without headers from upstream mail servers...
fetchmail not enforcing TLS for POP3 properly
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle MITM attacks...
CVE-2006-5974
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service crash via unknown vectors that trigger a NULL pointer dereference when calling the 1 ferror or 2 fflush functions...
CVE-2006-5867
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle MITM attacks...
CVE-2006-0321
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service crash via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster...
CVE-2006-0321
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service crash via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster...
DEBIAN-CVE-2005-4348
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service application crash by sending messages without headers from upstream mail servers...
CVE-2005-4348
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service application crash by sending messages without headers from upstream mail servers...
Debian DSA-071-1 : fetchmail - memory corruption
Salvatore Sanfilippo found two remotely exploitable problems infetchmail while doing a security audit. In both the IMAP code and the POP3 code, the input isn't verified even though it's used to store a number in an array. Since no bounds checking is done this can be used by an attacker to write...
CVE-2002-1365
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses...
Mandrake Linux Security Advisory : fetchmail (MDKSA-2001:072)
A vulnerability was found by Salvatore Sanfilippo in both the IMAP and POP3 code of fetchmail where the input is not verified and no bounds checking is done. This can be exploited by a remote attacker to write arbitrary data into memory. The attacker must have control of the mail server the clien...
Mandrake Linux Security Advisory : fetchmail (MDKSA-2002:036)
A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the...
SUSE-SA:2003:001: fetchmail
The remote host is missing the patch for the advisory SUSE-SA:2003:001 fetchmail. fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR- servers. Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When...
RHEL 2.1 : fetchmail (RHSA-2002:216)
Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.1.0. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and...
CVE-2003-0792
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service crash via a certain email...