Vulnerability & Exploit Database

Displaying all 6 entries

Results for: CVE-2008-2711

RHSA-2009:1427: fetchmail security update Vulnerability

  • Severity: 6
  • Published: August 07, 2009

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a caref...

FreeBSD: fetchmail -- potential crash in -v -v verbose mode (CVE-2008-2711) Vulnerability

  • Severity: 4
  • Published: June 16, 2008

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

Cent OS: CVE-2008-2711: CESA-2009:1427 (fetchmail) Vulnerability

  • Severity: 4
  • Published: June 16, 2008

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

OS X security update 2009-001 for fetchmail (CVE-2008-2711) Vulnerability

  • Severity: 4
  • Published: June 16, 2008

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

ELSA-2009-1427 Moderate: Enterprise Linux fetchmail security update Vulnerability

  • Severity: 6
  • Published: August 27, 2007

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408....