ID CVE-2005-4348
Summary fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
References
Vulnerable Configurations
  • Fetchmail 6.2.0
    cpe:2.3:a:fetchmail:fetchmail:6.2.0
  • Fetchmail 6.2.1
    cpe:2.3:a:fetchmail:fetchmail:6.2.1
  • Fetchmail 6.2.2
    cpe:2.3:a:fetchmail:fetchmail:6.2.2
  • Fetchmail 6.2.3
    cpe:2.3:a:fetchmail:fetchmail:6.2.3
  • Fetchmail 6.2.4
    cpe:2.3:a:fetchmail:fetchmail:6.2.4
  • Fetchmail 6.2.5
    cpe:2.3:a:fetchmail:fetchmail:6.2.5
  • Fetchmail 6.2.5.1
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.1
  • Fetchmail 6.2.5.2
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.2
  • Fetchmail 6.2.5.4
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.4
  • Fetchmail 6.3.0
    cpe:2.3:a:fetchmail:fetchmail:6.3.0
CVSS
Base: 7.8 (as of 21-12-2005 - 09:51)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F7EB0B23709911DAA15C0060084A00E5.NASL
    description The fetchmail team reports : Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as 'previously fetched', it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21541
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21541
    title FreeBSD : fetchmail -- NULL pointer dereference in multidrop mode with headerless email (f7eb0b23-7099-11da-a15c-0060084a00e5)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0018.NASL
    description Updated fetchmail packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility. A denial of service flaw was found when Fetchmail was run in multidrop mode. A malicious mail server could send a message without headers which would cause Fetchmail to crash (CVE-2005-4348). This issue did not affect the version of Fetchmail shipped with Red Hat Enterprise Linux 2.1 or 3. A flaw was found in the way Fetchmail used TLS encryption to connect to remote hosts. Fetchmail provided no way to enforce the use of TLS encryption and would not authenticate POP3 protocol connections properly (CVE-2006-5867). This update corrects this issue by enforcing TLS encryption when the 'sslproto' configuration directive is set to 'tls1'. Users of Fetchmail should update to these packages, which contain backported patches to correct these issues. Note: This update may break configurations which assumed that Fetchmail would use plain-text authentication if TLS encryption is not supported by the POP3 server even if the 'sslproto' directive is set to 'tls1'. If you are using a custom configuration that depended on this behavior you will need to modify your configuration appropriately after installing this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24316
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24316
    title RHEL 2.1 / 3 / 4 : fetchmail (RHSA-2007:0018)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FETCHMAIL-2602.NASL
    description Three security issues have been fixed in fetchmail : CVE-2005-4348: fetchmail when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. CVE-2006-5867: fetchmail did not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. CVE-2006-5974: fetchmail when refusing a message delivered via the mda option, allowed remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the ferror or fflush functions.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27213
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27213
    title openSUSE 10 Security Update : fetchmail (fetchmail-2602)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0018.NASL
    description From Red Hat Security Advisory 2007:0018 : Updated fetchmail packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility. A denial of service flaw was found when Fetchmail was run in multidrop mode. A malicious mail server could send a message without headers which would cause Fetchmail to crash (CVE-2005-4348). This issue did not affect the version of Fetchmail shipped with Red Hat Enterprise Linux 2.1 or 3. A flaw was found in the way Fetchmail used TLS encryption to connect to remote hosts. Fetchmail provided no way to enforce the use of TLS encryption and would not authenticate POP3 protocol connections properly (CVE-2006-5867). This update corrects this issue by enforcing TLS encryption when the 'sslproto' configuration directive is set to 'tls1'. Users of Fetchmail should update to these packages, which contain backported patches to correct these issues. Note: This update may break configurations which assumed that Fetchmail would use plain-text authentication if TLS encryption is not supported by the POP3 server even if the 'sslproto' directive is set to 'tls1'. If you are using a custom configuration that depended on this behavior you will need to modify your configuration appropriately after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67440
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67440
    title Oracle Linux 3 / 4 : fetchmail (ELSA-2007-0018)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0018.NASL
    description Updated fetchmail packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility. A denial of service flaw was found when Fetchmail was run in multidrop mode. A malicious mail server could send a message without headers which would cause Fetchmail to crash (CVE-2005-4348). This issue did not affect the version of Fetchmail shipped with Red Hat Enterprise Linux 2.1 or 3. A flaw was found in the way Fetchmail used TLS encryption to connect to remote hosts. Fetchmail provided no way to enforce the use of TLS encryption and would not authenticate POP3 protocol connections properly (CVE-2006-5867). This update corrects this issue by enforcing TLS encryption when the 'sslproto' configuration directive is set to 'tls1'. Users of Fetchmail should update to these packages, which contain backported patches to correct these issues. Note: This update may break configurations which assumed that Fetchmail would use plain-text authentication if TLS encryption is not supported by the POP3 server even if the 'sslproto' directive is set to 'tls1'. If you are using a custom configuration that depended on this behavior you will need to modify your configuration appropriately after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24286
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24286
    title CentOS 3 / 4 : fetchmail (CESA-2007:0018)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-045-01.NASL
    description New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 20912
    published 2006-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20912
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2006-045-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-939.NASL
    description Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers. The old stable distribution (woody) does not seem to be affected by this problem.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22805
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22805
    title Debian DSA-939-1 : fetchmail - programming error
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FETCHMAIL-2608.NASL
    description Three security issues have been fixed in fetchmail : - fetchmail when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. (CVE-2005-4348) - fetchmail did not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. (CVE-2006-5867) - fetchmail when refusing a message delivered via the mda option, allowed remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the ferror or fflush functions. (CVE-2006-5974)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29425
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29425
    title SuSE 10 Security Update : fetchmail (ZYPP Patch Number 2608)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-236.NASL
    description Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 20467
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20467
    title Mandrake Linux Security Advisory : fetchmail (MDKSA-2005:236)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-233-1.NASL
    description Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in 'multidrop' mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-26
    plugin id 20777
    published 2006-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20777
    title Ubuntu 4.10 / 5.04 / 5.10 : fetchmail vulnerability (USN-233-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2006-004.NASL
    description The remote host is running Apple Mac OS X, but lacks Security Update 2006-004. This security update contains fixes for the following applications : AFP Server Bluetooth Bom DHCP dyld fetchmail gnuzip ImageIO LaunchServices OpenSSH telnet WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 22125
    published 2006-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22125
    title Mac OS X Multiple Vulnerabilities (Security Update 2006-004)
oval via4
accepted 2013-04-29T04:21:07.736-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
family unix
id oval:org.mitre.oval:def:9659
status accepted
submitted 2010-07-09T03:56:16-04:00
title fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
version 23
redhat via4
advisories
rhsa
id RHSA-2007:0018
rpms
  • fetchmail-0:6.2.0-3.el3.3
  • fetchmail-0:6.2.5-6.el4.5
refmap via4
bid
  • 15987
  • 19289
bugtraq
  • 20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)
  • 20060526 rPSA-2006-0084-1 fetchmail
confirm http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt
debian DSA-939
mandriva MDKSA-2005:236
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836
osvdb 21906
sectrack 1015383
secunia
  • 17891
  • 18172
  • 18231
  • 18266
  • 18433
  • 18463
  • 18895
  • 21253
  • 24007
  • 24284
sgi 20070201-01-P
slackware SSA:2006-045-01
suse SUSE-SR:2007:004
trustix 2006-0002
ubuntu USN-233-1
vupen
  • ADV-2005-2996
  • ADV-2006-3101
xf fetchmail-null-pointer-dos(23713)
statements via4
contributor Mark J Cox
lastmodified 2007-01-31
organization Red Hat
statement The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3.
Last major update 07-03-2011 - 21:28
Published 20-12-2005 - 19:03
Last modified 19-10-2018 - 11:40
Back to Top