Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-2335

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

Related bugs and status

CVE-2005-2335 (Candidate) is related to these bugs:

Bug #24758: fetchmail: lost patch: APOP and default fetchsizelimit

Summary				In	Importance	Status
	24758	fetchmail: lost patch: APOP and default fetchsizelimit		fetchmail (Ubuntu)	High	Invalid
	24758	fetchmail: lost patch: APOP and default fetchsizelimit		fetchmail (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://fetchmail.berli...
CONFIRM: http://developer.berli...
DEBIAN: DSA-774
FEDORA: FEDORA-2005-613
FEDORA: FEDORA-2005-614
MISC: http://www.redhat.com/...
BID: 14349
OSVDB: 18174
SECUNIA: 16176
REDHAT: RHSA-2005:640
SUSE: SUSE-SR:2005:018
APPLE: APPLE-SA-2006-08-01
SECUNIA: 21253
BID: 19289
CERT: TA06-214A
VUPEN: ADV-2005-1171
VUPEN: ADV-2006-3101
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20060526 rPSA-2006-008...
BUGTRAQ: 20060801 DMA[2006-0801...