
Topic: fetchmail Crash when warning message is rejected

SecurityAlert: 3074
CVE: CVE-2007-4565
SecurityRisk: Low
Remote Exploit: No
Local Exploit: Yes
Exploit Available: No
Credit: Matthias Andree
Published: 29.08.2007

Affected Software: fetchmail release < 6.3.9

Advisory Content:

fetchmail-SA-2007-02: Crash when warning message is rejected

Topics: Crash when fetchmail-generated warning message is rejected

Author: Matthias Andree
Version: 1.0
Announced: 2007-07-29
Type: NULL pointer dereference triggered by outside circumstances
Impact: denial of service possible
Danger: low
Credits: Earl Chew
CVE Name: CVE-2007-4565
URL: http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt
Project URL: http://fetchmail.berlios.de/

Affects: fetchmail release < 6.3.9

Not affected: fetchmail release 6.3.9

Corrected: 2007-07-29 fetchmail SVN (rev 5119)


0. Release history
==================

2007-07-29 1.0 first draft for MITRE/CVE (visible in SVN)


1. Background
=============

fetchmail is a software package to retrieve mail from remote POP2, POP3,
IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents.

fetchmail ships with a graphical, Python/Tkinter based configuration
utility named "fetchmailconf" to help the user create configuration (run
control) files for fetchmail.


2. Problem description and Impact
=================================

fetchmail generates warning messages to the local postmaster or user in
certain circumstances, for instance when authentication fails.

If such a warning message is refused by the SMTP listener that fetchmail
is talking to, fetchmail attempts to dereference a NULL pointer when
trying to find out whether it should allow a bounce message to be sent.
The fetchmail process crashes as a result (denial of service).
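
The decision path described above, modelled as an added example in C.
This is illustrative code written for this page, not fetchmail's own
sink.c: the function names and the X-Example-Fetchmail-Warning header
used to mark self-generated mail are assumptions. The point it shows is
that a message fetchmail generated itself has no fetched header block,
so the bounce decision must handle a NULL header pointer before it
inspects the headers.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed marker header for this example (not a real fetchmail header):
 * a client that generates its own warning mail must not bounce that
 * mail again when the listener rejects it, or it loops. */
#define SELF_GENERATED_MARK "X-Example-Fetchmail-Warning:"

/* Vulnerable form: dereferences `headers` unconditionally.
 * For a fetched message `headers` points at the header block; for a
 * locally generated warning there is no fetched header block and the
 * caller passes NULL, so strstr() dereferences NULL and the process
 * crashes. This is the bug class of fetchmail-SA-2007-02. */
bool should_bounce_unsafe(const char *headers)
{
    if (strstr(headers, SELF_GENERATED_MARK) != NULL)
        return false;           /* our own warning: never bounce it */
    return true;                /* fetched message: bounce to sender */
}

/* Hardened form: a NULL header block means the message was not fetched
 * from a server, so there is no original sender to bounce to, and the
 * header scan is skipped entirely. */
bool should_bounce_safe(const char *headers)
{
    if (headers == NULL)
        return false;           /* self-generated warning was rejected */
    if (strstr(headers, SELF_GENERATED_MARK) != NULL)
        return false;
    return true;
}

/* Constructed sample inputs: one fetched message, one rejected warning. */
int main(void)
{
    const char *fetched =
        "From: alice@example.org\r\n"
        "To: bob@example.net\r\n"
        "Subject: hello\r\n";
    const char *warning = NULL;     /* fetchmail-generated: no headers */

    printf("fetched message rejected  -> bounce: %d\n",
           should_bounce_safe(fetched));
    printf("warning message rejected  -> bounce: %d\n",
           should_bounce_safe(warning));
    /* should_bounce_unsafe(warning) would dereference NULL here. */
    return 0;
}
```

The trigger is entirely outside the client's control: a local MTA that
rejects fetchmail's own warning mail (for instance by policy on the
envelope sender) is enough, which is why the advisory rates the issue
as a low-danger denial of service rather than anything exploitable for
code execution.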


3. Solution
===========

Install fetchmail 6.3.9 or newer. The fetchmail source code is available
from <http://developer.berlios.de/project/showfiles.php?group_id=1824>.


A. Copyright, License and Warranty
==================================

(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END OF fetchmail-SA-2007-02.txt